I'm trying to figure out the best way to handle publishing artifacts to our Ivy repository using ssh. We can't prompt the user for the username and password since the publication is usually done by Hudson. We can't embed the username or password as a job configuration property because we can't have those in cleartext; similarly, we can't use a standard user with a well-known password in cleartext because of security concerns.
I'm leaning towards using a keystore, but we'd need to use one without a password for the same reasons above (can't prompt, don't want to embed), but a keystore without a password makes the security group twitchy. I'm looking for any ideas or suggestions that might help; practical experience with real examples would be best, but I'll consider anything. Thanks, Rich
