[jira] [Commented] (SCM-764) username and credentials shown as INFO on commadline

Wed, 11 Jun 2025 21:00:20 -0700 


    [ 
https://issues.apache.org/jira/browse/SCM-764?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17962909#comment-17962909
 ] 

ASF GitHub Bot commented on SCM-764:
------------------------------------

jira-importer opened a new issue, #971:
URL: https://github.com/apache/maven-scm/issues/971

   **[Thomas 
Wabner](https://issues.apache.org/jira/secure/ViewProfile.jspa?name=waffel)** 
opened 
**[SCM-764](https://issues.apache.org/jira/browse/SCM-764?redirect=false)** and 
commented
   
   Using git repository with gitblit on HTTPS.
   
   Every git command which involve the remote repository (like fetch, pull, 
push and so on) showing the username and credentials on the commandline like 
this:
   
   [INFO] Executing: cmd.exe /X /C "git push 
https://user:secret@devserver/gitblit//r/waffel/devopts.git test-branch"
   
   It should be avoided to ever print out passwords on the command line. I have 
encrypted the password in maven settings.xml ... but now it comes back and 
anybody can see them (also on a continues build server which should push with a 
dedicated user to a central repo).
   
   
   ---
   
   1 votes, 4 watchers
   




> username and credentials shown as INFO on commadline
> ----------------------------------------------------
>
>                 Key: SCM-764
>                 URL: https://issues.apache.org/jira/browse/SCM-764
>             Project: Maven SCM (Moved to GitHub Issues)
>          Issue Type: Bug
>          Components: maven-scm-provider-gitexe
>         Environment: Apache Maven 3.2.1 
> (ea8b2b07643dbb1b84b6d16e1f08391b666bc1e9; 2014-02-14T18:37:52+01:00)
> Maven home: D:\Dev\maven\apache-maven-3.2.1
> Java version: 1.7.0_51, vendor: Oracle Corporation
> Java home: D:\Dev\Java\jdk7_51_x64\jre
> Default locale: de_DE, platform encoding: Cp1252
> OS name: "windows 7", version: "6.1", arch: "amd64", family: "windows"
>            Reporter: Thomas Wabner
>            Assignee: Olivier Lamy
>            Priority: Major
>             Fix For: 1.9.4
>
>
> Using git repository with gitblit on HTTPS.
> Every git command which involve the remote repository (like fetch, pull, push 
> and so on) showing the username and credentials on the commandline like this:
> [INFO] Executing: cmd.exe /X /C "git push 
> https://user:secret@devserver/gitblit//r/waffel/devopts.git test-branch"
> It should be avoided to ever print out passwords on the command line. I have 
> encrypted the password in maven settings.xml ... but now it comes back and 
> anybody can see them (also on a continues build server which should push with 
> a dedicated user to a central repo).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to