Posted to commits@maven.apache.org by og...@apache.org on 2009/02/12 19:30:13 UTC
svn commit: r743828 - in /maven/site/trunk/src/site/apt: encryption.apt guides/index.apt settings.apt
Author: ogusakov
Date: Thu Feb 12 18:30:12 2009
New Revision: 743828
URL: http://svn.apache.org/viewvc?rev=743828&view=rev
Log:
[MNG-553] added password encryption doco to the site
Added:
maven/site/trunk/src/site/apt/encryption.apt (with props)
Modified:
maven/site/trunk/src/site/apt/guides/index.apt
maven/site/trunk/src/site/apt/settings.apt
Added: maven/site/trunk/src/site/apt/encryption.apt
URL: http://svn.apache.org/viewvc/maven/site/trunk/src/site/apt/encryption.apt?rev=743828&view=auto
==============================================================================
--- maven/site/trunk/src/site/apt/encryption.apt (added)
+++ maven/site/trunk/src/site/apt/encryption.apt Thu Feb 12 18:30:12 2009
@@ -0,0 +1,149 @@
+ ----
+ Password Encryption
+ -----
+ Oleg Gusakov
+ -----
+ 10 February 2009
+ -----
+
+{Password Encryption}
+
+ [[1]] {{{Introduction}Introduction}}
+
+ [[2]] {{{How_to_create_master_password}How to create master password}}
+
+ [[3]] {{{How_to_encrypt_server_passwords}How to encrypt server passwords}}
+
+ [[4]] {{{How_to_keep_master_password_on_removable_drive}How to keep master password on removable drive}}
+
+
+* {Introduction}
+
+ Maven 2.1.x trunk now supports server password decryption. This solution is a
+ first implementation and will be enhanced and made more user-friendly in the
+ nearest future. What is described here is working, but not too user-friendly,
+ a Maven plugin to address password maintenance is in the works.
+
+ The main use case, addressed by this solution is:
+
+ * multiple users share the same build machine (server, CI box)
+
+ * some users have the privilege to deploy Maven artifacts to repositories, some don't.
+
+ ** this applies to any server operations, requiring authorization, not only deployment
+
+ * settings.xml is shared between users
+
+ The implemented solution adds the following capabilities:
+
+ * authorized users have an additional settings-security.xml file in their ~/.m2 folder
+
+ ** this file either contains encrypted <<master password>>, used to encrypt other passwords
+
+ ** or it can contain a <<relocation>> - reference to another file, possibly on removable storage
+
+ ** this password is created first via CLI for now
+
+ * server entries in the <<<settings.xml>>> have passwords and/or keystore passphrases encrypted
+
+ ** for now - this is done via CLI <<after>> master password has been created and stored in appropriate location
+
+* {How to create master password}
+
+ All necessary classes are in the maven uber jar which is in $\{maven.home}/lib
+
+ Use the following command line:
+
++------------------------------------+
+java -cp maven-2.1.0-M2-SNAPSHOT-uber.jar \
+ org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher -m
++------------------------------------+
+
+ This command will prompt you for the master password and will produce an encrypted version of it, something like
+
++------------------------------------+
+{jSMOWnoPFgsHVpMvz5VrIt5kRbzGpI8u+9EF1iFQyJQ=}
++------------------------------------+
+
+ Please store this password in the <<<~/.m2/settings-security.xml>>>; it should look like
+
++------------------------------------+
+<settingsSecurity>
+ <master>{jSMOWnoPFgsHVpMvz5VrIt5kRbzGpI8u+9EF1iFQyJQ=}</master>
+</settingsSecurity>
++------------------------------------+
+
+ When this is done, you can start encrypting existing server passwords.
+
+* {How to encrypt server passwords}
+
+ You will have to use the same command line tool as for master password (see above), but parameter is different: <<-p>>
+
+ Use the following command line:
+
++------------------------------------+
+java -cp maven-2.1.0-M2-SNAPSHOT-uber.jar \
+ org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher -p
++------------------------------------+
+
+ This command will prompt you for a password and will produce an encrypted version of it, something like
+
++------------------------------------+
+{COQLCE6DU6GtcS5P=}
++------------------------------------+
+
+ Cut-n-paste it into you <<<settings.xml>>> file in the server section. This will look like:
+
++------------------------------------+
+<settings>
+...
+ <servers>
+...
+ <server>
+ <id>my.server</id>
+ <username>foo</username>
+ <password>{COQLCE6DU6GtcS5P=}</password>
+ </server>
+...
+ </servers>
+...
+</settings>
++------------------------------------+
+
+ Then you can use, say, deploy plugin, to write to this server:
+
++------------------------------------+
+mvn deploy:deploy-file -Durl=https://maven.corp.com/repo \
+ -DrepositoryId=my.server \
+ -Dfile=your-artifact-1.0.jar \
++------------------------------------+
+
+
+
+* {How to keep master password on removable drive}
+
+ Create the master password exactly as described above, and store it on a
+ removable drive, for instance on OSX, my USB drive mounts as <<</Volumes/mySecureUsb>>>,
+ so I store
+
++------------------------------------+
+<settingsSecurity>
+ <master>{jSMOWnoPFgsHVpMvz5VrIt5kRbzGpI8u+9EF1iFQyJQ=}</master>
+</settingsSecurity>
++------------------------------------+
+
+ in the file <<</Volumes/mySecureUsb/secure/settings-security.xml>>>
+
+ And then create <<<~/.m2/settings-security.xml>>> with the following content:
+
++------------------------------------+
+<settingsSecurity>
+ <relocation>/Volumes/mySecureUsb/secure/settings-security.xml</relocation>
+
+</settingsSecurity>
++------------------------------------+
+
+ This assures that encryption will only work when the usb drive is mounted by OS.
+ This addresses a use case where only certain people are authorized to deploy and
+ are issued these devices.
+
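Review bot: The Introduction and "How to create master password" sections never say who may read ~/.m2/settings-security.xml, although the stated use case is a build machine shared between users where only some may deploy. Add a sentence telling authorized users to keep that file, and the relocated copy on the removable drive, readable by their own account only, since the page presents this file as what separates authorized users from the rest. Smaller points in the same hunk: the "mvn deploy:deploy-file" example ends with a dangling "\" after "-Dfile=your-artifact-1.0.jar"; "Cut-n-paste it into you" should read "your"; and the removable-drive section says "encryption will only work" where the Introduction talks about password decryption, so "decryption" looks like the intended word.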
Propchange: maven/site/trunk/src/site/apt/encryption.apt
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: maven/site/trunk/src/site/apt/encryption.apt
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Modified: maven/site/trunk/src/site/apt/guides/index.apt
URL: http://svn.apache.org/viewvc/maven/site/trunk/src/site/apt/guides/index.apt?rev=743828&r1=743827&r2=743828&view=diff
==============================================================================
--- maven/site/trunk/src/site/apt/guides/index.apt (original)
+++ maven/site/trunk/src/site/apt/guides/index.apt Thu Feb 12 18:30:12 2009
@@ -178,6 +178,8 @@
* {{{../settings.html}Settings Overview}} ({{{../ref/current/maven-settings/settings.html}Technical Settings Descriptor}})
+ * {{{../encryption.html}Password Encryption}}
+
* {{{../plugins/index.html}Core Plug-ins List}}
* {{{../developers/mojo-api-specification.html}Mojo API}}
Modified: maven/site/trunk/src/site/apt/settings.apt
URL: http://svn.apache.org/viewvc/maven/site/trunk/src/site/apt/settings.apt?rev=743828&r1=743827&r2=743828&view=diff
==============================================================================
--- maven/site/trunk/src/site/apt/settings.apt (original)
+++ maven/site/trunk/src/site/apt/settings.apt Thu Feb 12 18:30:12 2009
@@ -18,6 +18,8 @@
[[2]] {{{Servers}Servers}}
+ [[1]] {{{Password_Encryption}Password Encryption}}
+
[[3]] {{{Mirrors}Mirrors}}
[[4]] {{{Proxies}Proxies}}
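Review bot: The new table-of-contents entry is labelled [[1]] but sits between "[[2]] {{{Servers}Servers}}" and "[[3]] {{{Mirrors}Mirrors}}", so the numbering no longer reads in order. The next hunk adds the target as a "**" subsection, so if the entry is meant as a sub-item of Servers, make sure its indentation nests it under that item; otherwise renumber it and the entries that follow.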
@@ -175,6 +177,11 @@
<Note:> If you use a private key to login to the server, make sure you omit the <<<\<password\>>>> element.
Otherwise, the key will be ignored.
+
+** {Password Encryption}
+
+ A new feature - server password and passphrase encryption has been added to 2.1.x and 3.0 trunks. See details
+ {{{encryption.html}on this page}}
* {Mirrors}
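Review bot: The added paragraph says the feature is in "2.1.x and 3.0 trunks", while the Introduction of encryption.apt in this same commit says only "Maven 2.1.x trunk now supports server password decryption"; state the supported versions the same way in both places. The sentence also ends on the link "{{{encryption.html}on this page}}" without a full stop, and "A new feature - server password and passphrase encryption has been added" would read more cleanly with a colon after "feature" or with the feature name set off on both sides.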
Re: svn commit: r743828 - in /maven/site/trunk/src/site/apt: encryption.apt guides/index.apt settings.apt
Posted by Brett Porter <br...@apache.org>.
Thanks for this!
I was just wondering if it is intended to be duplicated in the wiki or
was that just an editing ground before putting it on the site?
On 13/02/2009, at 2:30 AM, ogusakov@apache.org wrote:
> Author: ogusakov
> Date: Thu Feb 12 18:30:12 2009
> New Revision: 743828
>
> URL: http://svn.apache.org/viewvc?rev=743828&view=rev
> Log:
> [MNG-553] added password encryption doco to the site
>
> Added:
> maven/site/trunk/src/site/apt/encryption.apt (with props)
> Modified:
> maven/site/trunk/src/site/apt/guides/index.apt
> maven/site/trunk/src/site/apt/settings.apt
--
Brett Porter
brett@apache.org
http://blogs.exist.com/bporter/