#tools-deps
2024-05-15
msolli 11:05:12

I just ran into the missing support for password encryption in settings.xml: https://ask.clojure.org/index.php/13320/support-of-maven-password-encryption-in-tools-deps. I've voted for the issue on Ask. In the meantime, does anyone have a practical workaround where I can avoid keeping unencrypted passwords in settings.xml?

mpenet 11:05:04

<username>${env.SERVER_USERNAME}</username>
<password>${env.SERVER_PASSWORD}</password>

👍 1
msolli 11:05:22

Thanks, I'll give it a go.

msolli 12:05:28

Works beautifully, thanks! 👍 Though I'd love to see that Ask implemented to avoid keeping plaintext passwords lying around.

Alex Miller (Clojure team) 12:05:08

I believe there is a patch on that ticket but I’m kind of waiting until I make the transition to the newer set of Maven libs as that may change the impl

👍 1
Noah Bogart 13:05:24

the env var is how we do it at my job as well, it works great across teams

jumar 15:05:59

I am wondering how much extra security you get by moving it to env vars…

mpenet 15:05:04

They can be fed from password manager agents, or on CI via a runner, etc. etc. It’s quite handy

Noah Bogart 15:05:32

we use the 1Password CLI tool to inject a bunch of env variables for our common tasks with binstubs