[ https://issues.apache.org/jira/browse/MBUILDCACHE-33?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17652089#comment-17652089 ]
Alexander Ashitkin commented on MBUILDCACHE-33:
-----------------------------------------------

[~gnodet] putting credentials in settings.xml is either insecure or inconvenient. Imagine a large enterprise team with hundreds of projects. Imagine the level of inconvenience of creating hundreds of identical settings.xml files just to put the same credentials there hundreds of times. Imagine how much pain it is to change such credentials. Even not speaking of build containers, in good old Jenkins build secrets are normally injected into the build with environment variables.

You're right, the problem is not limited to the cache. A convenient setup is to manage Maven config in settings.xml and manage credentials in a centralized secret manager. Ideally it should be supported in Maven core, because it's an easily solvable problem and a great simplification and convenience for end users. But at this point it is possible to solve it in the cache at least, which will allow using the cache in a compliant manner in properly secured build environments.

> Support remote cache credentials from environment variables
> ------------------------------------------------------------
>
>                 Key: MBUILDCACHE-33
>                 URL: https://issues.apache.org/jira/browse/MBUILDCACHE-33
>             Project: Maven Build Cache Extension
>          Issue Type: New Feature
>            Reporter: Alexander Ashitkin
>            Priority: Major
>              Labels: pull-request-available
>
> In my current environment, settings.xml files are managed by a build team which is
> not allowing any modification because the same build service is used by all
> teams. On top of that, the Maven build runs in a fresh container which doesn't have
> any credentials injected, for security reasons. Because of that, the cache cannot
> read/deploy build artifacts to an authenticated HTTP server. Still, our build
> service allows injecting credentials from environment variables into the build
> container.
> Need to support cache setup without settings.xml by injecting
> environment variables:
> * MAVEN_BUILD_CACHE_DIRECT_CONNECT
> * MAVEN_BUILD_CACHE_USER
> * MAVEN_BUILD_CACHE_PASSWORD
> * MAVEN_BUILD_CACHE_PROXY_USER
> * MAVEN_BUILD_CACHE_PROXY_PASSWORD