Dear community, I'm searching the best practice for password encryption in a maven POM file *by project*, could by used by properties (like in ANT or WAGON). Sample : --- <plugin> <artifactId>maven-antrun-plugin</artifactId> <version>1.8</version> <configuration> <target> <echo message="Get docker certificates" /> <mkdir dir="cert" /> <scp file="root:${docker.password}@10.xx.xx.xx:/root/.docker/*" todir="cert" trust="yes" /> </target> </configuration> </plugin> ---
In this case, my *docker.password* could be a properties (pom or settings.xml) but must not be in clear text. The problem with Maven encryption <https://maven.apache.org/guides/mini/guide-encryption.html>: - I have a master password defined in *settings-security.xml* (locally) for my user need (like proxy password encryption in MY *settings.xml*) - The CI tools contains the same mechanism (own *settings-security.xml*) for global needs, like server encryption used in *settings.xml* for jar publication in repository ; and I can't retrieve this file => I can't use this mechanism for password encryption who works locally and on the CI server. *Is there a way to have a encryption mechanism for the project's perimeter ?* (and not for user's perimeter, current Maven encryption works perfectly for that). --- Using -s and -gs Maven options (=> user/global settings override) could be a workaround but : - Server item definition or properties defining password must be in clear text - Using this Maven settings for each build depending the project workspace is a little boring Perhaps is there a best way like a "private key by project" ... but I didn't found entry point about that. Thanks in advance. Best regards *NB*: This question was firstly on stackoverflow <https://stackoverflow.com/questions/33784790/maven-password-encryption-by-project>, but no really interest ^^. -- Alix Lourme