Java – where can I place credentials when using Ivy and private company repositories?
I use Ant Ivy, and our company recently set up a Nexus server for our own private libraries. Ivy can get dependencies from the Nexus server by using the ibiblio parser and m2compatible = true, but I have to put the credentials in the ivysettings.xml file.
How should different developers store their credentials?
Should the ivysettings.xml file be committed to VCS?
I really don't want to store my password in plain text.
Solution
Use a settings file with properties that control nexus credentials:
<ivysettings>
  <property name="repo.host" value="default.mycompany.com" override="false"/>
  <property name="repo.realm" value="Sonatype Nexus Repository Manager" override="false"/>
  <property name="repo.user" value="deployment" override="false"/>
  <property name="repo.pass" value="deployment123" override="false"/>
  <credentials host="${repo.host}" realm="${repo.realm}" username="${repo.user}" passwd="${repo.pass}"/>
  ..
  ..
</ivysettings>
When you run the build, you can specify a real user name and password:
ant -Drepo.user=mark -Drepo.pass=s3Cret
Update / enhance
Storing passwords as attributes on the file system requires encryption.
Jasypt has a command line program that can generate encrypted strings:
$ encrypt.sh verbose=0 password=123 input=s3Cret
hXiMYkpsPY7j3aIh/2/vfQ==
This can be saved in the build's properties file:
username=bill
password=ENC(hXiMYkpsPY7j3aIh/2/vfQ==)
The following ant targets will decrypt any encrypted ant properties:
<target name="decrypt">
  <taskdef name="groovy" classname="org.codehaus.groovy.ant.Groovy" classpathref="build.path"/>
  <groovy>
    import org.jasypt.properties.EncryptableProperties
    import org.jasypt.encryption.pbe.StandardPBEStringEncryptor

    StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor()
    encryptor.setPassword(properties["master.pass"])

    Properties props = new EncryptableProperties((Properties)properties,encryptor);

    props.propertyNames().each {
      properties[it] = props.getProperty(it)
    }
  </groovy>
</target>
Of course, in order to do this, the password used to encrypt properties needs to be specified as part of the build:
ant -Dmaster.pass=123
This means that the solution only applies to hidden data.
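
A check that could run before ivysettings.xml is committed, as an added example that is not part of the original answer: it flags a `<credentials>` password that can be read from the file itself, either as a literal attribute or through a `<property>` default. The function name and both sample files are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

REF = re.compile(r"\$\{([^}]+)\}")  # ${name} property reference


def find_plaintext_passwords(settings_xml):
    """Return (host, reason) pairs for passwords readable from the file text."""
    root = ET.fromstring(settings_xml)
    # <property name=... value=...> defaults declared in the same file
    defaults = {p.get("name"): p.get("value", "") for p in root.iter("property")}
    findings = []
    for cred in root.iter("credentials"):
        host = cred.get("host", "?")
        passwd = cred.get("passwd", "")
        refs = REF.findall(passwd)
        if passwd and not refs:
            findings.append((host, "literal passwd attribute"))
        for name in refs:
            value = defaults.get(name, "")
            # A default that is itself a reference holds no secret in this file.
            if value and not REF.search(value):
                findings.append((host, f"property '{name}' has a literal default"))
    return findings


# Constructed sample: the layout from the answer, password default included.
WITH_DEFAULT = """<ivysettings>
  <property name="repo.host" value="default.mycompany.com" override="false"/>
  <property name="repo.user" value="deployment" override="false"/>
  <property name="repo.pass" value="deployment123" override="false"/>
  <credentials host="${repo.host}" realm="Sonatype Nexus Repository Manager"
               username="${repo.user}" passwd="${repo.pass}"/>
</ivysettings>"""

# Constructed sample: no password default, so repo.pass must be supplied
# at build time (for example with -Drepo.pass=...).
WITHOUT_DEFAULT = """<ivysettings>
  <property name="repo.host" value="default.mycompany.com" override="false"/>
  <property name="repo.user" value="deployment" override="false"/>
  <credentials host="${repo.host}" realm="Sonatype Nexus Repository Manager"
               username="${repo.user}" passwd="${repo.pass}"/>
</ivysettings>"""

if __name__ == "__main__":
    for label, text in (("with default", WITH_DEFAULT), ("without default", WITHOUT_DEFAULT)):
        print(label, find_plaintext_passwords(text))
```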