On 2012-08-15 1:36 PM, Manfred Moser wrote:
On Wed, August 15, 2012 12:54 pm, Eric Kolotyluk wrote:
OK, now I see why I cannot find any documentation for what I want. 3
different people misunderstood what I was asking for. I must be asking it
wrong, or thinking about it wrong.
Basically, when I have a situation where I have some username and password
for the scm plugin, where do I store such information, and how do I
configure the scm plugin, the release plugin, etc. to find that
information?
I was reading
http://www.mosabuam.com/2009/10/company-super-pom-a-maven-practice and he
says to put the passwords in your settings.xml file, but I have no idea
what his intent is without any tangible example.
That is a post of mine from ages ago that should really point to my new
website at http://simpligility.com at this stage or even have the content
updated and moved to the new site .. but then there is so much other stuff
to blog about too ;-) .. and the username and password there was meant for
the deployment to a repo server and for that you can use the maven
settings encryption stuff (although I think that is a rather painful
process..)
Anyway.. in terms of the scm passwords you can do a few things depending
on your scm system.
- with git you can just use ssh and authenticate once on the machine and
never worry again.
- with svn you can add user name and password to the url in the scm
section right in the pom or you could add them as properties in the pom
and then set the properties in your settings.xml or so
- another option is to set them as environment variables and reference
them in the pom as property like ${env.SVN_USER_NAME} or along these lines
- with the svn scm provider you can also set username and password in the
plugin configuration rather than the connection url, and you can then fill
these values again from properties or environment variable values
imho the git option is the cleanest but is of course limited to using git
(or svn with the git-svn bridge ;-)
It all depends on how secure you really need it to be what option you want
to choose..
manfred
After visiting http://www.simpligility.com/ I was not sure where to go
next for something relevant to this discussion. Did you have a more
specific URL?
We are using Perforce for our SCM.
So, what I am currently doing is creating a profile called "user" in my
local settings.xml file, and in that profile I set the password and
username properties, then I activate that profile. It seems to work fine
for me and it fairly straightforward to document and explain to people.
Then in our corporate POM I reference those password and username
properties in the scm and p4maven plug-in configurations. Does what I am
doing makes sense, or is there a better way to do it? The general idea
is that all personal information stays in a person's personal
settings.xml file.
I considered using environment variables as you suggested, Manfred, but
somehow keeping all Maven stuff in a personal settings.xml file seem
easier to document.
I understand the vulnerability of putting any passwords or secret
information in clear-text in a file, but security always needs to be
balanced with complexity and conveniences. I will have to read up more
on all the password protection schemes others have pointed out, but they
do seem more complicated.
Anyway, things are becoming more clear to me, but much of this stills
seems like another dark art aspect of Maven :-)
Cheers, Eric
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
