Generate settings-security.xml file for maven password encryption

jvtrudel picture jvtrudel · Jul 24, 2018 · Viewed 10k times · Source

I want to encrypt my Apache Archiva server password using maven password encryption.

I did:

mvn --encrypt-master-password 12345

Fine. I got an encrypted password inside brackets. Then:

mvn --encrypt-password 12345

Maven complains:

[ERROR] Error executing Maven.
[ERROR] java.io.FileNotFoundException: /home/myUserName/.m2/settings-security.xml (No such file or directory)
[ERROR] Caused by: /home/myUserName/.m2/settings-security.xml (No such file or directory)

I understand that I should put my encrypted master password in the file settings-security.xml, but it does not exist at the default location and maven is not able to generate it.

What should be the content of this configuration file? How to generate it?

Answer

secf00tprint picture secf00tprint · Apr 15, 2020

mvn --encrypt-master-password does not create a file settings-security.xml. You have to do it yourself.

So the procedure is:

  1. Use the command mvn --encrypt-master-password to generate a master password. Remember this password.
  2. Create a new file settings-security.xml in ${user.home}/.m2/. For example, on Mac OS X or Ubuntu as ~/.m2/settings-security.xml.

Write into this file:

<settingsSecurity>
  <master>OUTPUT OF THE COMMAND: mvn --encrypt-master-password</master>
</settingsSecurity>

e.g.:

<settingsSecurity>
  <master>{jSMOWnoPFgsHVpMvz5VrIt5kRbzGpI8u+9EF1iFQyJQ=}</master>
</settingsSecurity>

After that the maven encrypt command works on the command line:

mvn --encrypt-password

As mentioned by khmarbaise, more detailed information can be found here: https://maven.apache.org/guides/mini/guide-encryption.html