[jira] Updated: (MDEPLOY-129) Need a way to specify repository credentials securely for deploy operations

["Stephen Connolly (JIRA)" <ji...@codehaus.org>]

     [ https://jira.codehaus.org/browse/MDEPLOY-129?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stephen Connolly updated MDEPLOY-129:
-------------------------------------

      Priority: Minor  (was: Major)
        Labels: contributers-welcome documentation  (was: )
    Issue Type: Improvement  (was: New Feature)

> Need a way to specify repository credentials securely for deploy operations
> ---------------------------------------------------------------------------
>
>                 Key: MDEPLOY-129
>                 URL: https://jira.codehaus.org/browse/MDEPLOY-129
>             Project: Maven 2.x Deploy Plugin
>          Issue Type: Improvement
>          Components: deploy:deploy-file
>    Affects Versions: 2.4, 2.5
>         Environment: All
>            Reporter: Rick Herrick
>            Priority: Minor
>              Labels: contributers-welcome, documentation
>
> Currently, credentials for performing a deployment must be specified in the settings.xml. However, if a Maven repository is set to use LDAP for its authentication mechanism, this means exposing domain security credentials in plaintext in a static file on the hard drive and is _extremely_ insecure (as specified in the documentation: "Unfortunately, Maven doesn't currently support hashed or encrypted passwords in the settings.xml"). This is simply not workable in a secure environment, e.g. government, defense, financial, etc.
> Instead there should be an option to provide these credentials on the command line or using hash or encryption algorithms.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira