Version 2

    Masking Passwords in Maven Settings.xml

    As part of your development process, you have to provide the repository information in a settings.xml.  Along with the repository information, you are required to provide the user name and the password.


    The repository server name and user name if in clear text pose no security dangers. But the clear text password can be dangerous if some one peeks at your settings.xml while you left your computer unlocked for a 5 mins coffee break.



    Maven Password Encryption



    Let us assume you have multiple repositories for which you have different passwords. Irrespective of how many passwords you have, you need to create a master password.


    1. Create a master password and encrypt it.
    2. Create a ~/.m2/settings-security.xml file
    3. Encrypt your password

    Step 1:  Create a master password and encrypt it


    $> mvn --encrypt-master-password  somemasterpassword



    Please remember to change "somemasterpassword" to whatever master password you want to remember

    Step 2: Create a  ~/.m2/settings-security.xml file


    Transfer the encrypted master password into this file.




    Step 3: Encrypt your repository password. You can encrypt as many passwords as you please.



    mvn --encrypt-password  mysweetlittlepassword


    Now you can use this encrypted password as your server password instead of the clear text password.