Markus KARG created MGPG-47:
-------------------------------
Summary: Support for Maven Password Encryption
Key: MGPG-47
URL: https://jira.codehaus.org/browse/MGPG-47
Project: Maven GPG Plugin
Issue Type: Wish
Reporter: Markus KARG
To automate usage of the GPG plugin, it is needed to provide the key store
password as a command line argument. This implies that (a) a potential
(automatic) user must use explicity CLI arguments and cannot rely on the POM as
the one-and-only place to store all build configuration, and (b) everybody can
read that password when inspection the build automation configuration.
Maven has the technology to encrypt passwords using a master password (and have
that one stored on a detachable USB token in encrypted way). Maven's
documentation only contains examples how to use that with repository accounts.
It would be pretty cool if the GPG plugin could use that encrypted tokens, i.
e. what I would see as the optimal solution is that Maven can use encrypted
tokens anywhere in the POM as a variable, and that the GPG plugin can read the
key store password from the POM. In combination this would allow to solve
problems (a) and (b): The sole configuration location is the POM, and the
password is encrypted.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
