Maven: Read encrypted password from settings.xml in pom.xml

Question

I am trying to use an encrypted password in my settings.xml. I have in my pom.xml a plugin connecting to the database, usin sql-maven-plugin:

<plugin>
  <groupId>org.codehaus.mojo</groupId>
  <artifactId>sql-maven-plugin</artifactId>
  <version>1.4</version>

  <dependencies>
    <dependency>
      <groupId>com.oracle</groupId>
      <artifactId>ojdbc14</artifactId>
      <version>10.2.0.5.0</version>
    </dependency>
  </dependencies>

  <configuration>
    <driver>oracle.jdbc.driver.OracleDriver</driver>
    <url>jdbc:oracle:thin:@ip.com:1521:SID</url>
    <username>someUser</username>
    <password>{JucQpWS78Q0HW+3ZS/FCCGHQpwbJ8ySl2Io/ILJqf88=}</password>
  </configuration>

  <executions>
    <execution>
      <id>update-configuration</id>
      <phase>package</phase>
      <goals>
        <goal>execute</goal>
      </goals>
      <configuration>
        <autocommit>false</autocommit>
        <srcFiles>
          <srcFile>src/main/sql/update_sim_configuration.sql</srcFile>
        </srcFiles>
      </configuration>
    </execution>

  </executions>
</plugin>

Which is working OK if I put the password as plain text in my pom.xml, I want to read this password from my settings.xml, the password is encrypted in this way:

mvn -ep the_password

I have in my settings.xml

...
<server>
  <id>rms13-db-dev</id>
  <username>user</username>
  <password>{JucQpWS78Q0HW+3ZS/FCCGHQpwbJ8ySl2Io/ILJqf88=}</password>
</server>
...

I want to 'read' decode in someway the 'password' from 'rms13-db-dev', how can I achieve this? or if you have an alternative version to achieve this.

Answer 1

For this to work, you need to encrypt a password using Maven tools and then configure the sql-maven-plugin to use it . This is not supported in version 1.4 of the plugin but it is possible with 1.5.

1. Create a master password with the command

    mvn --encrypt-master-password 

   Maven will prompt you for the password since 3.2.1. Once you did that, create a file called ~/.m2/settings-security.xml with the content

    <settingsSecurity> <master><!-- result of above command --></master> </settingsSecurity> 

2. Encrypt your password with the command

    mvn --encrypt-password 

   The same as before, Maven will prompt you for the password. Then in your Maven settings ( ~/.m2/settings.xml , create the file if it doesn't exist), have the content

    <settings> ... <servers> ... <server> <id>my.server</id> <username><!-- your DB username --></username> <password><!-- the encrypted password --></password> </server> ... </servers> ... </settings> 

3. Configure your sql-maven-plugin with the settingsKey attribute to your server id, which in this case would be my.server . You need to use version 1.5 of the plugin.

    <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>sql-maven-plugin</artifactId> <version>1.5</version> <!-- 1.5 required --> <configuration> <settingsKey>my.server</settingsKey> <!-- id of server here --> <driver>oracle.jdbc.driver.OracleDriver</driver> <url>jdbc:oracle:thin:@ip.com:1521:SID</url> <!-- username and password are not mentioned anymore --> </configuration> </plugin> 

If any of the encrypted passwords contain curly braces, you'll need to escape them by having \\{ and \\} .

Answer 2

1. In pom.xml , remove user/password and instead specify a settingsKey as explained in the MOJO documentation .
2. In settings.xml , create a new server entry with id equals to the previous settingsKey value, as explained here .
3. Create a settings-security.xml and encrypt the server password the standard way . The file should be created in the following path: ${user.home}/.m2/settings-security.xml See example below:

    <settingsSecurity>
        <master>{jSMOWnoPFgsHVpMvz5VrIt5kRbzGpI8u+9EF1iFQyJQ=}</master>
    </settingsSecurity>