[
https://issues.apache.org/jira/browse/MNG-7176?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Osipov updated MNG-7176:
--------------------------------
Fix Version/s: (was: waiting-for-feedback)
> Resolve actual location of security-settings.xml
> ------------------------------------------------
>
> Key: MNG-7176
> URL: https://issues.apache.org/jira/browse/MNG-7176
> Project: Maven
> Issue Type: Bug
> Affects Versions: 3.8.1
> Reporter: Mykel Alvis
> Priority: Major
>
> The
> [documentation|https://maven.apache.org/guides/mini/guide-encryption.html] is
> fairly clear about how to encrypt passwords in `settings.xml`
> However, Maven (still, as of 3.8.1) appears to use `plexus-sec-dispather:1.4`
> which specs the location as `~/.security-settings.xml`
> Work with an injected `Settings` in a Maven plugin leads me to believe that
> passwords aren't decrypted unless you're inside a wagon component, which I
> guess makes sense but not for my purposes. So I used a `SecDispatcher` in
> this code to decrypt the passwords. But it failed because it expected the
> config for security to be at `~/.security-settings.xml`
> Some other issue querying leads me to believe that my workaround (symlinking
> ~/.m2/security-settings.xml` to `~/.security-settings.xml` is the rightest
> answer I can arrive at. This appears to work, but isn't part of the
> documentation.
> Other queries appear to believe that the peer to settings.xml in ~/.m2 is the
> actual "right" location.
> I was unable to locate an issue or definitive answer to this question, which
> leads me to believe that the documentation isn't accurate.
> Note that I would be very happy to submit a doc PR if I know what the right
> answer was
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
