Encrypting credentials in settings.xml
Maven keeps confidential data such as passwords in settings.xml. For example, in the previous two sections, the passwords for the proxy server and the repository are kept in cleartext. The following configuration repeats the server configuration of a repository secured with HTTP Basic authentication:
<server>
  <id>central</id>
  <username>my_username</username>
  <password>my_password</password>
</server>
Note
More details about encrypting Maven passwords can be found at http://maven.apache.org/guides/mini/guide-encryption.html.
Keeping confidential data in configuration files in cleartext is a security threat that must be avoided. Maven provides a way to encrypt configuration data in settings.xml, which is as follows:
First, we need to create a master encryption key by using the following command:
$ mvn -emp mymasterpassword
{lJ1MrCQRnngHIpSadxoyEKyt2zIGbm3Yl0ClKdTtRR6TleNaEfGOEoJaxNcdMr+G}
With the output...
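The following check is an added example, not part of the original text. It audits a settings.xml for the cleartext problem described above by flagging every server or proxy secret that is not in Maven's brace-wrapped encrypted form. The function name find_cleartext and all sample values are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Maven stores an encrypted value as {base64}; text outside the braces is a comment.
ENCRYPTED = re.compile(r"(?<!\$)\{[A-Za-z0-9+/=]+\}")
# ${...} is a property reference resolved at run time, not a stored secret.
PROPERTY_REF = re.compile(r"^\$\{[^{}]+\}$")
SECRET_TAGS = {"password", "passphrase"}

def local(tag):
    """Strip the optional settings.xml namespace from a tag name."""
    return tag.rsplit("}", 1)[-1]

def find_cleartext(settings_xml):
    """Return (section, id, field) for each server/proxy secret kept in cleartext."""
    findings = []
    root = ET.fromstring(settings_xml)
    for entry in root.iter():
        section = local(entry.tag)
        if section not in ("server", "proxy"):
            continue
        fields = {local(c.tag): (c.text or "").strip() for c in entry}
        for name in sorted(SECRET_TAGS.intersection(fields)):
            value = fields[name]
            if not value or ENCRYPTED.search(value) or PROPERTY_REF.match(value):
                continue
            findings.append((section, fields.get("id", "?"), name))
    return findings

# Constructed sample: the brace-wrapped value is a placeholder, not real Maven output.
SAMPLE = """<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <proxies>
    <proxy><id>corp</id><host>proxy.example.com</host><password>proxy_pw</password></proxy>
  </proxies>
  <servers>
    <server><id>central</id><username>my_username</username><password>my_password</password></server>
    <server><id>releases</id><username>ci</username><password>{Q09OU1RSVUNURUQ=}</password></server>
    <server><id>snapshots</id><username>ci</username><password>${env.REPO_PW}</password></server>
  </servers>
</settings>"""

if __name__ == "__main__":
    for section, ident, field in find_cleartext(SAMPLE):
        print(f"cleartext {field} in <{section}> id={ident}")
```

The check only recognises the shape of an encrypted value; it does not verify that the value decrypts with the current master password.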