[
http://jira.codehaus.org/browse/MDEPLOY-129?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=257619#action_257619
]
Rick Herrick commented on MDEPLOY-129:
--------------------------------------
OK, then it'd be nice to have a mention on the page where I found that text
that links to this page, so [from
here|http://maven.apache.org/plugins/maven-deploy-plugin/usage.html] to
[here|http://maven.apache.org/guides/mini/guide-encryption.html]. The first
page makes it pretty definite that there's no way to do this, which is of
course belied by the capability described in the second.
And second, I still think this is a valid feature request, since I can't just
specify my user credentials on the command line, which is quick and ephemeral
and requires no procedure to make work. Something like:
{code}mvn deploy:deploy-file -Dcredentials=foo:bar blah blah blah{code}
This is especially useful in scenarios where a developer may be deploying from
an environment where s/he has write permissions on a development tree, but only
read permissions on the settings.xml. This usually won't include the personal
settings.xml, but again that's a procedure: the ability to just specify
credentials on the fly would be much more convenient than a multi-step process.
> Need a way to specify repository credentials securely for deploy operations
> ---------------------------------------------------------------------------
>
> Key: MDEPLOY-129
> URL: http://jira.codehaus.org/browse/MDEPLOY-129
> Project: Maven 2.x Deploy Plugin
> Issue Type: New Feature
> Components: deploy:deploy-file
> Affects Versions: 2.4, 2.5
> Environment: All
> Reporter: Rick Herrick
>
> Currently, credentials for performing a deployment must be specified in the
> settings.xml. However, if a Maven repository is set to use LDAP for its
> authentication mechanism, this means exposing domain security credentials in
> plaintext in a static file on the hard drive and is _extremely_ insecure (as
> specified in the documentation: "Unfortunately, Maven doesn't currently
> support hashed or encrypted passwords in the settings.xml"). This is simply
> not workable in a secure environment, e.g. government, defense, financial,
> etc.
> Instead there should be an option to provide these credentials on the command
> line or using hash or encryption algorithms.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
