Need a way to specify repository credentials securely for deploy operations
---------------------------------------------------------------------------
Key: MDEPLOY-129
URL: http://jira.codehaus.org/browse/MDEPLOY-129
Project: Maven 2.x Deploy Plugin
Issue Type: New Feature
Components: deploy:deploy-file
Affects Versions: 2.5, 2.4
Environment: All
Reporter: Rick Herrick
Currently, credentials for performing a deployment must be specified in the
settings.xml. However, if a Maven repository is set to use LDAP for its
authentication mechanism, this means exposing domain security credentials in
plaintext in a static file on the hard drive and is _extremely_ insecure (as
specified in the documentation: "Unfortunately, Maven doesn't currently support
hashed or encrypted passwords in the settings.xml"). This is simply not
workable in a secure environment, e.g. government, defense, financial, etc.
Instead there should be an option to provide these credentials on the command
line or using hash or encryption algorithms.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
