如何在Maven中保护和加密setting.xml paswords文件? [英] how to secure and encrypt setting.xml paswords file in maven?

问题描述

如何在Maven中的settings.xml中保护服务器/代理设置?

How to secure server/proxy settings in settings.xml in maven?

我认为这主要与存储在其中的登录名和密码有关，并且我假设不能将其明确放置在其中，应该将它们存储在env变量/etc中吗?

I assume this is mostly about login and passwords stored there and I assume that those can't be placed placed there explicitly, should they be stored in env variables/etc?

安全settings.xml的示例应如何显示?

how should example of a secure settings.xml look?

推荐答案

您有2个选项:

1)如果只需要在settings.xml中使用:

执行:

mvn --encrypt-password <password>

您将获得像这样的加密密码:

You will get the encrypted password like this:

{COQLCE6DU6GtcS5P=}

您可以在settings.xml中使用此密码:

You can use this password in you settings.xml:

<settings>
 ...
    <servers>
    ...
        <server>
          <id>my.server</id>
          <username>foo</username>
          <password>{COQLCE6DU6GtcS5P=}</password>
        </server>
    ...
    </servers>
...
</settings>

2)如果您需要多次使用:

执行:

mvn --encrypt-master-password <password>

Yo将获得加密的密码，如下所示:

Yo will get the encrypted password like this:

{jSMOWnoPFgsHVpMvz5VrIt5kRbzGpI8u+9EF1iFQyJQ=}

将此密码存储在 $ {user.home}/.m2/settings-security.xml 中，该密码应类似于:

Store this password in the ${user.home}/.m2/settings-security.xml it should look like:

<settingsSecurity>
      <master>{jSMOWnoPFgsHVpMvz5VrIt5kRbzGpI8u+9EF1iFQyJQ=}</master>
</settingsSecurity>

这篇关于如何在Maven中保护和加密setting.xml paswords文件?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！