在Maven pom中使用加密的数据 [英] Use encrypted data in a Maven pom
问题描述
我知道可以加密密码并将加密后的数据放入settings.xml
,以便Maven可以访问远程服务器(用于部署等).
I know that it is possible to encrypt a password and put the encrypted data in the settings.xml
, so that Maven can access a remote server (for deployment, etc.).
但是,就我而言,密码是第三方插件配置中的参数.
However, in my case, the password is a parameter in the configuration of a third-party plugin.
通常,此插件的pom.xml
配置如下所示:
Normally, the pom.xml
configuration for this plugin looks like that:
<build>
<plugins>
<plugin>
<groupId>xxx</groupId>
<artifactId>maven-xxx-plugin</artifactId>
...
<configuration>
<serverAddress>http://myserver</serverAddress>
<port>4242</port>
<username>unicorn</username>
<password>thePassword</password>
...
但是我不喜欢在pom.xml
中以纯文本形式设置密码的想法.因此,我尝试将其设置为属性(<password>${encrypted.password}</password>
),并使用mvn --encrypt-password thePassword
命令在settings.xml
文件中设置加密密码:
But I don't like the idea to set the password in plain text in my pom.xml
. So I tried to set it as a property (<password>${encrypted.password}</password>
) and set the encrypted password in the settings.xml
file, using mvn --encrypt-password thePassword
command:
<profiles>
<profile>
<id>myprofile</id>
<properties>
<!-- Encrypted passwords -->
<encrypted.password>{dJXVRKwRiY8HqzhGecHd/MYju/aIEmMT8cnE6MY53uPNr0ro/CAsXSLlgzEjxYeU}</encrypted.password>
</properties>
不幸的是,这不起作用(我怀疑插件将加密的密码用作清除"密码,并且不尝试对其进行解密).
Unfortunately, this does not work (I suspect that the plugin uses the encrypted password as a "clear" password, and does not try to decrypt it).
有没有办法使它起作用?如果不是,那么避免在pom.xml
或settings.xml
中输入纯文本密码的替代方法是什么?
Is there a way to make it work? If not, what are the alternative to avoid putting plain text password in pom.xml
or settings.xml
?
谢谢.
ps:我正在使用Maven 2.2.1,但是如果需要,我也可以使用Maven 3.0.
ps: I'm using Maven 2.2.1, but I can also use Maven 3.0 if needed.
推荐答案
Maven为加密settings.xml
中的密码以及插件检索密码提供了必要的支持.参见例如
Maven provided the necessary support to encrypt passwords in settings.xml
, and for plugins to retrieve them. See for example SqlExecMojo.java.
插件只需"就必须使用此功能,以便对凭据管理更加用户友好.
Plugins "just" have to use this feature to be more user-friendly with credentials management.
这篇关于在Maven pom中使用加密的数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!