[ https://issues.apache.org/jira/browse/MGPG-137?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17884221#comment-17884221 ]
Tamas Cservenak commented on MGPG-137:
--------------------------------------
Just to clear up: in case of CI runs, the environment variable is recommended
as the source of the sensitive "passphrase", while in case of dev workstation
runs, use of gpg-agent is best practice and recommended.
In any case, no sensitive data like a passphrase should be (or even needs to be)
stored in settings.xml or POM properties, never ever.
> Un-deprecate passphraseServerId
> -------------------------------
>
> Key: MGPG-137
> URL: https://issues.apache.org/jira/browse/MGPG-137
> Project: Maven GPG Plugin
> Issue Type: Bug
> Affects Versions: 3.2.5
> Reporter: Lenny Primak
> Priority: Major
>
> IMHO this parameter has been deprecated in error.
> It is used to reference the "server" field in settings.xml, where
> passphrases are stored in an encrypted fashion. This is actually safer than
> setting clear-text passwords in environment variables in practice.