使用 Ivy 和私人公司存储库时,我的凭据应该放在哪里? [英] Where do I put my credentials when using Ivy and a private company repository?

查看:19
本文介绍了使用 Ivy 和私人公司存储库时,我的凭据应该放在哪里?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在使用 Ant + Ivy,我的公司最近为我们自己的私人图书馆设置了一个 Nexus 服务器.Ivy 可以通过使用 ibilio 解析器和 m2compatible=true 从 Nexus 服务器获取依赖项,但我必须将我的凭据放在 ivysettings.xml 文件中.

I'm using Ant + Ivy, and my company has recently set up a Nexus server for our own private libraries. Ivy can get dependencies from the Nexus server by using a ibilio resolver and m2compatible=true, but I have to put my credentials in a ivysettings.xml file.

不同的开发人员应该如何存储他们的凭据?

How are different developers supposed to store their credentials?

ivysettings.xml 文件不应该在 vcs 中提交吗?

Is the ivysettings.xml file not supposed to be commited in vcs?

我真的不想以纯文本形式存储我的密码.

I really don't want to store my password in plain text.

推荐答案

使用带有控制 Nexus 凭据的属性的设置文件:

Use a settings file with properties controlling the Nexus credentials:

<ivysettings>
    <property name="repo.host" value="default.mycompany.com" override="false"/>
    <property name="repo.realm" value="Sonatype Nexus Repository Manager" override="false"/>
    <property name="repo.user" value="deployment"  override="false"/>
    <property name="repo.pass" value="deployment123"  override="false"/>          

    <credentials host="${repo.host}" realm="${repo.realm}" username="${repo.user}" passwd="${repo.pass}"/>

    ..
    ..
</ivysettings>

当您运行构建时,您可以指定真实的用户名和密码:

When you run the build you can then specify the true username and password:

ant -Drepo.user=mark -Drepo.pass=s3Cret

更新/增强

将密码作为属性存储在文件系统上需要加密.

Update/Enhancement

Storing passwords as properties on the file system requires encryption.

Jasypt 有一个可以生成加密字符串的命令行程序:

Jasypt has a command-line program that can generate encrypted strings:

$ encrypt.sh verbose=0 password=123 input=s3Cret
hXiMYkpsPY7j3aIh/2/vfQ==

这可以保存在构建的属性文件中:

This can be saved in the build's property file:

username=bill
password=ENC(hXiMYkpsPY7j3aIh/2/vfQ==)

以下 ANT 目标将解密任何加密的 ANT 属性:

The following ANT target will decrypt any encrypted ANT properties:

<target name="decrypt">
    <taskdef name="groovy" classname="org.codehaus.groovy.ant.Groovy" classpathref="build.path"/>

    <groovy>
    import org.jasypt.properties.EncryptableProperties
    import org.jasypt.encryption.pbe.StandardPBEStringEncryptor

    StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor()
    encryptor.setPassword(properties["master.pass"])

    Properties props = new EncryptableProperties((Properties)properties, encryptor);

    props.propertyNames().each {
        properties[it] = props.getProperty(it)
    }
    </groovy>
</target>

当然要使这项工作正常进行,需要在构建过程中指定用于加密属性的密码.

Of course to make this work, the password used for encrypting the properties needs to be specified as part of the build.

ant -Dmaster.pass=123

这意味着该解决方案仅适用于隐藏静态数据.

This means the solution is only good for hiding data at rest.

这篇关于使用 Ivy 和私人公司存储库时,我的凭据应该放在哪里?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆