Where do I put my credentials when using Ivy and a private company repository?

java ant ivy nexus
kalithlev picture kalithlev · Sep 21, 2011 · Viewed 14.6k times · Source

I'm using Ant + Ivy, and my company has recently set up a Nexus server for our own private libraries. Ivy can get dependencies from the Nexus server by using a ibilio resolver and m2compatible=true, but I have to put my credentials in a ivysettings.xml file.

How are different developers supposed to store their credentials?

Is the ivysettings.xml file not supposed to be commited in vcs?

I really don't want to store my password in plain text.

Answer

Mark O'Connor picture Mark O'Connor · Sep 21, 2011

Use a settings file with properties controlling the Nexus credentials:

<ivysettings>
    <property name="repo.host" value="default.mycompany.com" override="false"/>
    <property name="repo.realm" value="Sonatype Nexus Repository Manager" override="false"/>
    <property name="repo.user" value="deployment"  override="false"/>
    <property name="repo.pass" value="deployment123"  override="false"/>          

    <credentials host="${repo.host}" realm="${repo.realm}" username="${repo.user}" passwd="${repo.pass}"/>

    ..
    ..
</ivysettings>

When you run the build you can then specify the true username and password:

ant -Drepo.user=mark -Drepo.pass=s3Cret

Update/Enhancement

Storing passwords as properties on the file system requires encryption.

Jasypt has a command-line program that can generate encrypted strings:

$ encrypt.sh verbose=0 password=123 input=s3Cret
hXiMYkpsPY7j3aIh/2/vfQ==

This can be saved in the build's property file:

username=bill
password=ENC(hXiMYkpsPY7j3aIh/2/vfQ==)

The following ANT target will decrypt any encrypted ANT properties:

<target name="decrypt">
    <taskdef name="groovy" classname="org.codehaus.groovy.ant.Groovy" classpathref="build.path"/>

    <groovy>
    import org.jasypt.properties.EncryptableProperties
    import org.jasypt.encryption.pbe.StandardPBEStringEncryptor

    StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor()
    encryptor.setPassword(properties["master.pass"])

    Properties props = new EncryptableProperties((Properties)properties, encryptor);

    props.propertyNames().each {
        properties[it] = props.getProperty(it)
    }
    </groovy>
</target>

Of course to make this work, the password used for encrypting the properties needs to be specified as part of the build.

ant -Dmaster.pass=123

This means the solution is only good for hiding data at rest.

Related questions

Ant target failing: Antlib or Ivy issue?

Possible Duplicate: Ivy fails to resolve a dependancy, unable to find cause I'm trying to run the following build task (initIvy): <?xml version="1.0" encoding="UTF-8"?> <project name="myproject-build" default="package" basedir=".." xmlns:ivy="antlib:org.apache.ivy.…

Read More
Can someone explain the ivy.xml dependency's conf attribute?

I can't find any thorough explanation of the Ivy dependency tag's conf attribute: <dependency org="hibernate" name="hibernate" rev="3.1.3" conf="runtime, standalone -> runtime(*)"/> See that conf attribute? I can't find any explanation (that I can understand) …

Read More
Maven or Ivy? Which one is better with a system already in production? And the other differences?

I know that this is a complicated question, but I would like know which one is better in the case of a system that it's already in production, with a lot of bugs and really bad design at all. A …

Read More