Is there a method to externalize my SCM credentials so they are not stored in the project's POM? The problem being if they're contained in the project's POM, they will be visible to all when the project is deployed.
4 Answers
For some SCM providers you can specify your credentials in the `<servers>` section of `settings.xml`. As an `<id>` use the domain name of your repository. This works for me with mercurial. SubVersion works too.

For example, given my `pom.xml` contains:

```xml
<scm>
  <connection>scm:hg:http://jukito.googlecode.com/hg/</connection>
  <developerConnection>scm:hg:https://jukito.googlecode.com/hg/</developerConnection>
  <url>http://code.google.com/p/jukito/source/browse/</url>
</scm>
```

Then I can specify my credentials in `settings.xml` as such:

```xml
<server>
  <id>jukito.googlecode.com</id>
  <username>philippe.beaudoin</username>
  <password>1234567890ABC</password>
</server>
```

- Thanks, this seems to work for svn too. Do you know if this is documented somewhere? – Jörn Horstmann Feb 08 '11 at 13:32
- I don't know. Took me a while to find it, by recouping information here and there on the net I believe. – Philippe Beaudoin Feb 09 '11 at 20:03
- @Jörn Horstmann This is described in Annex A.2.2 of the maven reference book, see http://www.sonatype.com/books/mvnref-book/reference/appendix-settings-sect-details.html#appendix-settings-sect-servers – Sébastien Le Callonnec Jun 28 '11 at 12:22
- ...the port number being important here, as @mudged points out; thus accounting for different processes/server running on the same host (@01es) – Darren Bishop Mar 01 '13 at 14:32
- Note that this also works for git using ssh. In my case, for I use: `scm:git:ssh://git@bitbucket.org/{account}/{project}`, then in my settings.xml I use `bitbucket.org /c/Users/neil.hunt/.ssh/id_rsa` – Neil Mar 20 '14 at 11:58
- Older versions of maven-release-plugin require the password to be plain text. Newer version will accept the Maven encrypted password. – JustinKSU Oct 12 '15 at 16:28
- OMG, why isn't this mentioned in any of the SCM docs? This means my settings for `project.scm.id` is ignored when using the `buildnumber-plugin`. – oligofren Aug 27 '18 at 08:46
I realise that this question is old and the answer is accepted, but for the sake of completeness I would like to provide the following alternative, which might be preferred in certain cases.
Motivation
It so sometimes happens that the same server is used for several purposes, which requires different user credentials. For example, it is used for hosting Nexus-driven Maven repository as well as an SVN server that have different credentials for the same user. In such cases, there would need to be several `<server>` entries with the same `id` and `username`, but different `password`. This, however, is not viable.
Solution
Maven release plugin supports flags `username` and `password` that can be provided as part of the `release:prepare` and `release:perform` commands. Values for `username` and `password` should match the respective SVN credentials.

```
mvn release:prepare -Dusername=[username] -Dpassword=[password]
```

- Not a good idea to pass these on the command as anyone can view running processes to get your credentials. – Eddie Dec 03 '12 at 14:19
- @Ev0oD - yes, use Maven's built in encryption ideally, but minimally have credentials in settings.xml – Eddie Oct 20 '14 at 18:45
This can be done for many of the SCM providers, I assume Subversion as the implementation based on your tag.
You can define your Subversion settings in $user.home/.scm/svn-settings.xml (or [maven home]/conf/.scm/svn-settings.xml, though this means they'll still be visible to users of the system)
In that file you can set your username and password for the Subversion server. The file contents should look like this:
```xml
<svn-settings>
  <user>[svn user]</user>
  <password>[svn password]</password>
</svn-settings>
```
You can define some other properties in that configuration file. For more details see the "Provider Configuration" section of Subversion SCM page.
Other SCM providers have a similar approach, for example in CVS the settings are stored in cvs-settings.xml in the same location (the .scm folder), see the CVS SCM page for details.

- Hi Rich, your suggestion doesn't work (at least for me). Moreover, on your link there is nothing about username and password... So, there must be another solution... – Worker Oct 11 '10 at 14:44
- Check this out: http://stackoverflow.com/questions/3618330/what-is-the-format-of-svn-settings-xml-for-use-with-maven-scm-plugin – Worker Oct 11 '10 at 14:49
- Does not work for me either. Philippe's answer should be marked "correct". – Christian Feb 08 '17 at 09:32
I've managed to get this to work by using the solution provided above i.e. adding a new server configuration to my settings.xml and giving the domain name as the id.
```xml
<server>
  <id>domain.name:port</id>
  <username>[username]</username>
  <password>[password]</password>
</server>
```
In addition to the previous answer, if you are specifying a port in your URL this also needs to be included in the server.id. Another quirk that I found is that you need to put the password in quotes if it contains any characters that might interfere with the command line call.

You cannot use the following in your $user.home/.scm/svn-settings.xml as it is not valid! There are no such elements as `<user>` and `<password>` under `<svn-settings>` (as specified here)

```xml
<svn-settings>
  <user>[svn user]</user>
  <password>[svn password]</password>
</svn-settings>
```

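The id-matching rule from the answers above (the repository host name, plus `:port` when the SCM URL names one), as an added example that is not part of any original answer: a Python check that a `pom.xml` carries no password in its SCM URLs and that `settings.xml` has a `<server>` entry with the matching id. The host, port, user and both sample files are constructed, and the matching rule is assumed from the answers rather than taken from Maven's source.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample inputs: host, port, user and password are hypothetical.
POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <scm>
    <connection>scm:svn:http://svn.example.org:8443/repo/trunk</connection>
    <developerConnection>scm:svn:https://deploy:s3cret@svn.example.org:8443/repo/trunk</developerConnection>
  </scm>
</project>"""
SETTINGS = """<settings><servers>
  <server><id>svn.example.org</id><username>deploy</username><password>[password]</password></server>
</servers></settings>"""

def local(tag):
    """Drop an XML namespace prefix such as {http://maven.apache.org/POM/4.0.0}."""
    return tag.rsplit("}", 1)[-1]

def scm_urls(pom_xml):
    """Yield (element name, provider URL) for each SCM connection in the POM."""
    for el in ET.fromstring(pom_xml).iter():
        if local(el.tag) in ("connection", "developerConnection") and el.text:
            # Format is scm:<provider>:<url>; keep only the provider URL.
            m = re.match(r"scm:[^:|]+[:|](.+)", el.text.strip())
            if m:
                yield local(el.tag), m.group(1)

def server_ids(settings_xml):
    """Collect the <id> of every <server> entry in settings.xml."""
    return {c.text.strip() for s in ET.fromstring(settings_xml).iter()
            if local(s.tag) == "server"
            for c in s if local(c.tag) == "id" and c.text}

def audit(pom_xml, settings_xml):
    """List passwords embedded in SCM URLs and server ids missing from settings.xml."""
    ids, findings = server_ids(settings_xml), []
    for name, url in scm_urls(pom_xml):
        parts = urlsplit(url)
        if not parts.hostname:  # scp-style or local URLs carry no host to match
            continue
        if parts.password:
            findings.append((name, "password embedded in URL"))
        # Assumed rule, taken from the answers: id is the host, plus :port if the URL has one.
        expected = parts.hostname + (f":{parts.port}" if parts.port else "")
        if expected not in ids:
            findings.append((name, f"no <server> with id {expected}"))
    return findings

print(audit(POM, SETTINGS))
```

On the constructed input the check reports the password in `developerConnection` and the missing `svn.example.org:8443` id for both connections, since the only `<server>` entry omits the port.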