Hi, Earlier encrypted password text of the user provided repo password is sent with the ArtifactUpdate event. The cartridge agent decrypt the text with the key sent with payload. However with grouping since there are no subscriptions, encrypted text can not be sent in the event by SM. Possible solutions are,
1) Send the encrypted text in payload Now the encrypted text and key both in the same place which is not safe. 2) Publish encrypted text to metadata service AS published the encrypted text to the metadata service at the time of application parsing. Cartridge instance get the text from metadata service. This has the overhead of publishing to metadata service and retrieving from it. WDYT? -- Udara Liyanage Software Engineer WSO2, Inc.: http://wso2.com lean. enterprise. middleware web: http://udaraliyanage.wordpress.com phone: +94 71 443 6897
