Use encrypted data in a Maven pom

Question

I know that it is possible to encrypt a password and put the encrypted data in the settings.xml, so that Maven can access a remote server (for deployment, etc.)

Answer 1

Maven provided the necessary support to encrypt passwords in settings.xml, and for plugins to retrieve them. See for example SqlExecMojo.java.

Plugins "just" have to use this feature to be more user-friendly with credentials management.

Answer 2

up to no I'm also only aware of the password encryption you mentioned. All other encryption must be handled by the plugin itself. Or by a plugin. It may be a solution to put the encryption keys in settings.xml and use the properties-plugin to load the properties from the file (or just as inspiration source) and some library like jasypt to create your own encryption plugin. You could configure the plugin which properties to decrypt and replace and bind it to an early phase in the maven lifecycle.

I haven't seen something ready to use like this but it looks not too complicated.

Jasypt is also used for the same purpose with the Spring PropertyPlaceholderconfigurer (encrypt date in .properties files).

Answer 3

https://github.com/echocat/velma

echocat Velma

…is a Master-Password protected password safe for your maven passwords. These passwords are normally stored in .m2/settings.xml and could be protected by a master password in .m2/settings-security.xml. But this way is still dangerous because every person with access to your computer has access to your Master-Password.

Maybe thats what your are looking for.