[
https://issues.apache.org/jira/browse/SCM-710?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17962651#comment-17962651
]
ASF GitHub Bot commented on SCM-710:
------------------------------------
jira-importer commented on issue #916:
URL: https://github.com/apache/maven-scm/issues/916#issuecomment-2964632843
**[Eddie
Webb](https://issues.apache.org/jira/secure/ViewProfile.jspa?name=eddiewebb)**
commented
Yes, we use the maven release plugin with these encrypted passwords
regularly, (setup master password, encrypted all passwords, and added to server
section of settings.xml) and have no plain text passwords anywhere. This has
been working for several months now.
THe issue we are experiencing is unique to the SCM plugin which does not
seem to respect the encryption. The use case is that I am bootstrapping a
project by programatically plopping a pom.xml on the server, and invoking
mvn scm:checkout
> Use of encrypted password in pom.xml confiuration is ignored
> ------------------------------------------------------------
>
> Key: SCM-710
> URL: https://issues.apache.org/jira/browse/SCM-710
> Project: Maven SCM (Moved to GitHub Issues)
> Issue Type: Bug
> Components: maven-plugin
> Reporter: Eddie Webb
> Priority: Major
>
> THe docs for this plugin say I can use encrypted passwords just like we do
> for the release plugin.
> It does not seem to support the same
> <project.scm.id>non-hostname-id</project.scm.id> that the release plugin
> does, so I included the username and encrypted password directory in the
> plugin config.
> {noformat}
> ...
> <plugin>
> <groupId>org.apache.maven.plugins</groupId>
> <artifactId>maven-scm-plugin</artifactId>
> <version>1.8.1</version>
> <configuration>
> <username>username</username>
> <password>{EncycptedStringGeneratedFromMvnPassword=}</password>
> </configuration>
> </plugin>
> </plugins>
> ...
> {noformat}
> But the SCM fails with authentication issue, and the SVN logs determine that
> no user ID is sent.
> If I instead include the hostname as a server ID in settings.xml, or include
> these values on the command line, in both cases it invokes a 500 from the
> application server.
> mvn scm:checkout -Pforge -Dusername=myuser
> -Dpassword={EncycptedStringGeneratedFromMvnPassword=}
> svn: Server sent unexpected return value (500 Internal Server Error) in
> response to OPTIONS request for https://my-svn
> This 500 can be duplicated in a browser by passing the un-encrypted string
> {foo=}.
> h3. summary
> regardless of where I place the encruypted password it is either ignored, or
> not decrypted before being sent to the webserver.
> Can you please document an example of how to use the encrypted passwords, or
> support the same approach as the release plugin.
> http://jira.codehaus.org/browse/MRELEASE-420
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
