Although I don't know a direct way to do what you are asking, I thought I'd mention that if you have some flexibility in your Ivy repository, you might look into Artifactory (http://www.jfrog.org/index.php) which manages a Maven/Ivy repository and provides a way for users to generate an encrypted version of their password for use in just this case. Although I publish my artifacts using Ant on my Hudson server, Artifactory also has a for-purchase add-on to Hudson and Artifactory to allow Hudson itself to publish artifacts and Artifactory to track Hudson build artifacts.
Thanks, topher [email protected] On Wed, Jun 16, 2010 at 1:06 PM, Steele, Richard <[email protected]>wrote: > I'm trying to figure out the best way to handle publishing artifacts to our > Ivy repository using ssh. We can't prompt the user for the username and > password since the publication is usually done by Hudson. We can't embed > the username or password as a job configuration property because we can't > have those in cleartext; similarly, we can't use a standard user with a > well-known password in cleartext because of security concerns. > > I'm leaning towards using a keystore, but we'd need to use one without a > password for the same reasons above (can't prompt, don't want to embed), > but > a keystore without a password makes the security group twitchy. > > I'm looking for any ideas or suggestions that might help; practical > experience with real examples would be best, but I'll consider anything. > > Thanks, > Rich >
