Deploy mojo should use maven's encrypted password functionality #77
See the following snippets of a deployer mojo that uses this functionality: |
Hi @paulprogrammer

In your project's pom.xml, say you have the following profile:

```xml
<profile>
  <id>test</id>
  <properties>
    <apigee.profile>test</apigee.profile>
    <apigee.env>test</apigee.env>
    <apigee.hosturl>https://api.enterprise.apigee.com</apigee.hosturl>
    <apigee.apiversion>v1</apigee.apiversion>
    <apigee.org>${org}</apigee.org>
    <apigee.username>${username}</apigee.username>
    <apigee.password>${password}</apigee.password>
    <apigee.options>update</apigee.options>
    <api.northbound.domain>${org}-test.apigee.net</api.northbound.domain>
    <api.testtag>~@wip</api.testtag>
  </properties>
</profile>
```

You can include a settings.xml in your ~/.m2 directory and externalize all of these params so that you don't have to pass them. For example:

```xml
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                              https://maven.apache.org/xsd/settings-1.0.0.xsd">
  <profiles>
    <profile>
      <id>test</id>
      <properties>
        <org>apigeeOrg</org>
        <username>[email protected]</username>
        <password>secret</password>
        <env>test</env>
      </properties>
    </profile>
  </profiles>
  <activeProfiles>
    <activeProfile>test</activeProfile>
  </activeProfiles>
</settings>
```

Once you have this, you can just execute

Or else you can use OAuth tokens, where these passwords do not need to be passed |
@paulprogrammer - will the above comment help or are you looking for anything in particular? If not, please close this issue |
Sai,
This helps, but it still requires that the usernames and secrets be kept in
cleartext on the developer's machine.
Maven has a feature for encrypted passwords
<https://maven.apache.org/guides/mini/guide-encryption.html> that would be
a more complete solution to the problem.
Paul Williams
Partner Certification and Enablement
Google Cloud API Platform (Apigee)
On Mon, Oct 8, 2018 at 7:53 PM Sai Saran Vaidyanathan <***@***.***> wrote:
> @paulprogrammer <https://github.com/paulprogrammer> - will the above
> comment help or are you looking for anything in particular? If not, please
> close this issue
|
Maven's configuration allows servers to include encrypted passwords as part of the config.
http://maven.apache.org/settings.html#Servers
We should update the plugin to read the encrypted profile data, to adhere to PCI and HIPAA rules, as well as just good operational practice.