Hi I'm working in a corporate environment, with maven builds processed on atlassian bamboo servers. I've been asked to investigate a solution to encrypt passwords present in the custom settings.xml file against our corporate encryption software.
I've started with the maven's master-password procedure, but with this procedure, we faced the distributed bamboo's remote agents issue. passwords must be encrypted using the master password of the server it is going to be decrypted later on, and with bamboo agents, you cannot guarantee on which server the build will be executed. Then I read about ssh encrypted passwords, but this requires ssh login for each of our customers on our servers, which they don't have. We have to many users to create unix accounts for each of them, and furthermore, we don't want them to access our servers by other meanings than the bamboo interface. Not mentioning they should have access to every remote agent. so this is why we finally get to the point we need to force our bamboo users to include in their project their own settings.xml file, which they call in their build with the "-s" parameter. in settings.xml however, the passwords are plain text, and so are readable by anyone. I was thinking about writing a maven plugin which could use our corporate encryption software to decrypt passwords. But I cannot figure out how to hook this inside maven. I already wrote a plugin that reads the settings.xml file, but how to "push" the decrypted password inside the maven build process? I'd need something as a "hook" but cannot find any. Thanks for everyone for taking the time to read this (quite) long message.
