[jira] (MPH-86) Hide passwords for effective-pom

[Robert Scholte (JIRA)]

    [ 
https://jira.codehaus.org/browse/MPH-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=318539#comment-318539
 ] 

Robert Scholte commented on MPH-86:
-----------------------------------

The difference between the {{Settings}} and {{MavenProject}} is that for 
Settings we know which fields contain a password. For a pom it is either a 
property or a configuration-field.
For configuration there might be a solution if a plugin developer could specify 
which field values should be hidden. That option is not there and could be 
quite complex.
For properties I don't see a solution. I don't want to add some magic basic on 
a naming convention.

The best solution is to use {{<server>}}-entries in the {{settings.xml}}. Both 
the {{maven-scm-plugin}} and {{maven-release-plugin}} are capable to get the 
username+password based on a server id, so you can even encrypt your password.
                
> Hide passwords for effective-pom
> --------------------------------
>
>                 Key: MPH-86
>                 URL: https://jira.codehaus.org/browse/MPH-86
>             Project: Maven 2.x Help Plugin
>          Issue Type: Bug
>    Affects Versions: 2.1.1
>         Environment: Apache Maven 3.0.3 (r1075438; 2011-02-28 18:31:09+0100)
> Maven home: C:\Program Files (x86)\RscApplications\Maven3\bin\..
> Java version: 1.6.0, vendor: IBM Corporation
> Java home: C:\programs\ejbdeploy_base_v7\java\jre
> Default locale: de_DE, platform encoding: Cp1252
> OS name: "windows 7", version: "6.1 build 7601 service pack 1", arch: "x86", 
> family: "windows"
>            Reporter: Stefan Cordes
>
> Executing
> {{mvn help:effective-pom -Doutput=pom-effective.txt}}
> with
> {code:xml}
> <profiles>
>    <profile>
>         <id>default</id>
>         <activation>
>         <activeByDefault>true</activeByDefault>
>         </activation>
>         <properties>
>                 <maven.scm.username>MyUserId</maven.scm.username>
>                 <maven.scm.password>MyVerySecretPassword</maven.scm.password>
>         </properties>
>    </profile>
> </profiles>
> </settings>
> {code}
> in 
> {{%userprofile%\.m2\settings.xml}}
> results in an pom-effective.txt
> which contains
> {code:xml}
>         <properties>
>                 <maven.scm.username>MyUserId</maven.scm.username>
>                 <maven.scm.password>MyVerySecretPassword</maven.scm.password>
>         </properties>
> {code}
> As (in our case) the pom-effective.txt should be checked in version control 
> system for later debug support we strongly need to hide the password analog 
> to 
> "MPH-44 Hide passwords for effective-settings":
> {code:xml}
>         <properties>
>                 <maven.scm.username>MyUserId</maven.scm.username>
>                 <maven.scm.password>***</maven.scm.password>
>         </properties>
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira