[ 
https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17713254#comment-17713254
 ] 

Alan Czajkowski edited comment on MRELEASE-1103 at 4/17/23 7:05 PM:
--------------------------------------------------------------------

[~michael-o] there is value to this encryption
forget about Maven run-time, and how terrible this encryption is during run-time
at rest, on disk, before any Maven command runs, the only files I have on the 
system are security-settings.xml and settings.xml, both encrypted, and this is 
my requirement that these files contain no plain text password
whatever happens during run-time is another issue that does not concern me

think of this use-case: I need to create a Docker image that contains the Maven 
binaries, and the repo credentials stored in settings.xml ... but the 
requirement for this image is that nothing inside of it has plain text ... so 
on creation of this Docker image, when no Maven command runs, only Maven files 
are stored on the image, then passwords are safely encrypted and this is a 
great way to protect the passwords


was (Author: alan-czajkowski):
[~michael-o] there is value to this encryption
forget about Maven run-time, and how terrible this encryption is during run-time
at rest, on disk, before any Maven command runs, the only files I have on the 
system are security-settings.xml and settings.xml, both encrypted, and this is 
my requirement that these files contain no plain text password
whatever happens during run-time is another issue that does not concern me

> decryption of server password in settings.xml failed (works with 2.5.3)
> -----------------------------------------------------------------------
>
>                 Key: MRELEASE-1103
>                 URL: https://issues.apache.org/jira/browse/MRELEASE-1103
>             Project: Maven Release Plugin
>          Issue Type: Bug
>    Affects Versions: 3.0.0-M6
>            Reporter: Robert Seidel
>            Priority: Blocker
>             Fix For: 3.0.1
>
>
> A server section was defined in the settings.xml at 
> <settings><servers><server> with id, username and password to connect to a 
> Bitbucket server.
> In the pom.xml the id was referenced in the properties via project.scm.id.
> With 2.5.3 the build is running fine, but with 3.0.06-M6 the following 
> happens:
> *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be 
> activated because it does not exist.
> *11:35:40* [INFO] 11/17 prepare:scm-commit-release
> *11:35:40* [INFO] Checking in modified POMs...
> *11:35:40* [WARNING] Failed to decrypt password/passphrase for server 
> bitbucket-prod, using auth token as is: decrypt failed
> and in the aftermath:
> *11:35:41* [ERROR] Failed to execute goal 
> org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli) 
> on project ExamplePom: Unable to commit files
> *11:35:41* [ERROR] Provider message:
> *11:35:41* [ERROR] The git-push command failed.
> *11:35:41* [ERROR] Command output:
> *11:35:41* [ERROR] fatal: Authentication failed for 
> '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]'
>  
> JDK used was Adoptium 17 (but with 11 the same problem occurred).
> Maven used was 3.8.6.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
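
A build-time check for the at-rest requirement described in the comment above, as an added example that is not part of the Jira thread or of Maven: it parses a settings file and classifies each password, passphrase and master element as Maven's brace-wrapped encrypted form, a `${...}` property reference, or plain text. The sample XML, the server ids other than bitbucket-prod, the function names and the loose regex are assumptions made for illustration; the check looks at the form of each value only.

```python
import re
import xml.etree.ElementTree as ET

# Maven writes encrypted values as base64 text wrapped in braces.
# Assumption: this pattern is looser than Maven's own parser.
ENCRYPTED = re.compile(r"\{[A-Za-z0-9+/=]+\}")
REFERENCE = re.compile(r"^\$\{[^}]+\}$")   # e.g. ${env.REPO_PASSWORD}
SECRET_TAGS = {"password", "passphrase", "master"}

# Constructed sample input; none of these values are real credentials.
SAMPLE_SETTINGS = """<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <servers>
    <server><id>bitbucket-prod</id><username>ci</username>
      <password>{Q09OU1RSVUNURUQ=}</password></server>
    <server><id>nexus</id><username>ci</username>
      <password>hunter2-constructed</password></server>
    <server><id>mirror</id><username>ci</username>
      <password>${env.REPO_PASSWORD}</password></server>
  </servers>
</settings>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def classify(value):
    value = (value or "").strip()
    if not value:
        return "empty"
    if REFERENCE.match(value):
        return "reference"
    if ENCRYPTED.search(value):
        return "encrypted"
    return "plaintext"

def audit(xml_text):
    """Return (owner, tag, classification) for every secret element."""
    findings = []
    for parent in ET.fromstring(xml_text).iter():
        owner = next((c.text for c in parent if local(c.tag) == "id"), None)
        for child in parent:
            if local(child.tag) in SECRET_TAGS:
                findings.append((owner or local(parent.tag),
                                 local(child.tag), classify(child.text)))
    return findings

def plaintext_findings(xml_text):
    """Entries that would fail a 'no plain text password on disk' gate."""
    return [f for f in audit(xml_text) if f[2] == "plaintext"]
```

Run as an image build step, a non-empty result from `plaintext_findings` is the condition to fail on.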
