[
https://issues.apache.org/jira/browse/MGPG-47?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Osipov closed MGPG-47.
------------------------------
Resolution: Auto Closed
This issue has been auto closed because it has been inactive for a long period
of time. If you think this issue still applies, retest your problem with the
most recent version of Maven and the affected component, reopen and post your
results.
> Support for Maven Password Encryption
> -------------------------------------
>
> Key: MGPG-47
> URL: https://issues.apache.org/jira/browse/MGPG-47
> Project: Maven GPG Plugin
> Issue Type: Wish
> Reporter: Markus Karg
> Priority: Major
>
> To automate usage of the GPG plugin, it is needed to provide the key store
> password as a command line argument. This implies that (a) a potential
> (automatic) user must use explicity CLI arguments and cannot rely on the POM
> as the one-and-only place to store all build configuration, and (b) everybody
> can read that password when inspection the build automation configuration.
> Maven has the technology to encrypt passwords using a master password (and
> have that one stored on a detachable USB token in encrypted way). Maven's
> documentation only contains examples how to use that with repository accounts.
> It would be pretty cool if the GPG plugin could use that encrypted tokens, i.
> e. what I would see as the optimal solution is that Maven can use encrypted
> tokens anywhere in the POM as a variable, and that the GPG plugin can read
> the key store password from the POM. In combination this would allow to solve
> problems (a) and (b): The sole configuration location is the POM, and the
> password is encrypted.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
