Encrypting credentials in settings.xml
Maven keeps confidential data such as passwords in settings.xml
. For example, in the previous two sections, the passwords for the proxy server and the repository are kept in cleartext. The following configuration repeats the server configuration of a repository secured with HTTP Basic authentication:
<server> <id>central</id> <username>my_username</username> <password>my_password</password> </server>
Note
More details about encrypting Maven passwords can be found at http://maven.apache.org/guides/mini/guide-encryption.html.
Keeping confidential data in configuration files in cleartext is a security threat that must be avoided. Maven provides a way to encrypt configuration data in settings.xml
, which is as follows: ...
Get Mastering Apache Maven 3 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.