[
https://jira.codehaus.org/browse/SCM-710?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=317132#comment-317132
]
Eddie Webb commented on SCM-710:
--------------------------------
Yes, we use the maven release plugin with these encrypted passwords regularly,
(setup master password, encrypted all passwords, and added to server section of
settings.xml) and have no plain text passwords anywhere. THe issue we are
experiencing is unique to the SCM plugin which does not seem to respect the
encryption.
> Use of encrypted password in pom.xml confiuration is ignored
> ------------------------------------------------------------
>
> Key: SCM-710
> URL: https://jira.codehaus.org/browse/SCM-710
> Project: Maven SCM
> Issue Type: Bug
> Reporter: Eddie Webb
>
> THe docs for this plugin say I can use encrypted passwords just like we do
> for the release plugin.
> It does not seem to support the same
> <project.scm.id>non-hostname-id</project.scm.id> that the release plugin
> does, so I included the username and encrypted password directory in the
> plugin config.
> {noformat}
> ...
> <plugin>
> <groupId>org.apache.maven.plugins</groupId>
> <artifactId>maven-scm-plugin</artifactId>
> <version>1.8.1</version>
> <configuration>
> <username>username</username>
> <password>{EncycptedStringGeneratedFromMvnPassword=}</password>
> </configuration>
> </plugin>
> </plugins>
> ...
> {noformat}
> But the SCM fails with authentication issue, and the SVN logs determine that
> no user ID is sent.
> If I instead include the hostname as a server ID in settings.xml, or include
> these values on the command line, in both cases it invokes a 500 from the
> application server.
> mvn scm:checkout -Pforge -Dusername=myuser
> -Dpassword={EncycptedStringGeneratedFromMvnPassword=}
> svn: Server sent unexpected return value (500 Internal Server Error) in
> response to OPTIONS request for https://my-svn
> This 500 can be duplicated in a browser by passing the un-encrypted string
> {foo=}.
> h3. summary
> regardless of where I place the encruypted password it is either ignored, or
> not decrypted before being sent to the webserver.
> Can you please document an example of how to use the encrypted passwords, or
> support the same approach as the release plugin.
> http://jira.codehaus.org/browse/MRELEASE-420
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
