[
https://issues.apache.org/jira/browse/MDEPLOY-129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17965642#comment-17965642
]
Olivier Lamy commented on MDEPLOY-129:
--------------------------------------
This project has moved from Jira to GitHub Issues. This issue was migrated to
[apache/maven-deploy-plugin#446|https://github.com/apache/maven-deploy-plugin/issues/446].
> Need a way to specify repository credentials securely for deploy operations
> ---------------------------------------------------------------------------
>
> Key: MDEPLOY-129
> URL: https://issues.apache.org/jira/browse/MDEPLOY-129
> Project: Maven Deploy Plugin (Moved to GitHub Issues)
> Issue Type: Improvement
> Components: deploy:deploy-file
> Affects Versions: 2.4, 2.5
> Environment: All
> Reporter: Rick Herrick
> Assignee: Robert Scholte
> Priority: Minor
> Labels: contributers-welcome, documentation
>
> Currently, credentials for performing a deployment must be specified in the
> settings.xml. However, if a Maven repository is set to use LDAP for its
> authentication mechanism, this means exposing domain security credentials in
> plaintext in a static file on the hard drive and is _extremely_ insecure (as
> specified in the documentation: "Unfortunately, Maven doesn't currently
> support hashed or encrypted passwords in the settings.xml"). This is simply
> not workable in a secure environment, e.g. government, defense, financial,
> etc.
> Instead there should be an option to provide these credentials on the command
> line or using hash or encryption algorithms.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
