[jira] [Updated] (MNG-7176) Resolve actual location of security-settings.xml

["Michael Osipov (Jira)" <ji...@apache.org>]

     [ https://issues.apache.org/jira/browse/MNG-7176?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Osipov updated MNG-7176:
--------------------------------
    Fix Version/s:     (was: waiting-for-feedback)

> Resolve actual location of security-settings.xml
> ------------------------------------------------
>
>                 Key: MNG-7176
>                 URL: https://issues.apache.org/jira/browse/MNG-7176
>             Project: Maven
>          Issue Type: Bug
>    Affects Versions: 3.8.1
>            Reporter: Mykel Alvis
>            Priority: Major
>
> The [documentation|https://maven.apache.org/guides/mini/guide-encryption.html] is fairly clear about how to encrypt passwords in `settings.xml`
> However, Maven (still, as of 3.8.1) appears to use `plexus-sec-dispather:1.4` which specs the location as `~/.security-settings.xml`
> Work with an injected `Settings` in a Maven plugin leads me to believe that passwords aren't decrypted unless you're inside a wagon component, which I guess makes sense but not for my purposes. So I used a `SecDispatcher` in this code to decrypt the passwords.  But it failed because it expected the config for security to be at `~/.security-settings.xml`
> Some other issue querying leads me to believe that my workaround (symlinking ~/.m2/security-settings.xml` to `~/.security-settings.xml` is the rightest answer I can arrive at.  This appears to work, but isn't part of the documentation.
> Other queries appear to believe that the peer to settings.xml in ~/.m2 is the actual "right" location.
> I was unable to locate an issue or definitive answer to this question, which leads me to believe that the documentation isn't accurate. 
> Note that I would be very happy to submit a doc PR if I know what the right answer was
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)