Maven credentials included in Project Reports


(Anders Brolien) #1

We are authenticating against a maven repository using properties defined by gradle.properies in each users .gradle directory. As part of our release process the project reports are published to an internal web server, allowing users to browse javadocs, junit result and the other project reports. However the properties report will now include the maven credentials in plain text. I could apply some custom filter to the reports but this made me wonder about the solution of storing plain text passwords in a file. Is there some other way of providing credentials to the maven repo?


(Anders Brolien) #2

With maven there exists a way of encrypting the passwords stored in .m2/settings.xml. http://maven.apache.org/guides/mini/guide-encryption.html Is something similar possible with gradle?


(Peter Niederwieser) #3

Gradle doesn’t currently support password encryption out-of-the-box. You’d have to roll it on your own.


(Anders Brolien) #4

Thanks, Assuming Nexus user tokens would do the trick: http://www.sonatype.com/books/nexus-book/reference/config-sect-usertoken.html


(Peter Niederwieser) #5

Yes, and they are a much better solution than client-side encryption.


(me) #6

But only available in Nexus Pro version.

Plain passwords is quite a no-go.