Hi Alex, Maven has a hierarchy of settings. Above the pom.xml is the settings.xml in the user’s profile and above that the settings.xml in maven. Usually you don’t provide credentials in the pom, but define id’s. In the settings.xml you usually provide the credentials for the ids to inject them to the build (I am handling this in my training video quite extensively).
Infra have a settings.xml in which they provide the credentials for a technical user on each agent. But anyone with access to the VM would be able to read and copy these credentials. Hope that explains this aspect a little more. Chris Am 13.02.17, 17:23 schrieb "Alex Harui" <aha...@adobe.com>: Forking a few technical threads... On 2/13/17, 12:28 AM, "Christofer Dutz" <christofer.d...@c-ware.de> wrote: > >Right now, I don’t know how we could make sure we are able to commit to >GIT or upload to maven without having the credentials on the VM we >control … I guess I don't understand enough about Maven and credentials, so can we use this thread to get more details? Is it true that on builds.a.o, your credentials are stored there or the ASF has a special credential stored there for use when publishing to Maven? Must credentials be stored on a server or can they be prompted? Thanks, -Alex