Externalising SCM credentials with Maven

Kingamajick picture Kingamajick · Aug 10, 2009 · Viewed 45.4k times · Source

Is there a method to externalize my SCM credentials so they are not stored in the project's POM? The problem being if they're contained in the project's POM, they will be visible to all when the project is deployed.

Answer

Philippe Beaudoin picture Philippe Beaudoin · Jan 25, 2011

For some SCM providers you can specify your credentials in the <servers> section of settings.xml. As an <id> use the domain name of your repository. This works for me with mercurial. SubVersion works too.

For example, given my pom.xml contains:

<scm>
  <connection>scm:hg:http://jukito.googlecode.com/hg/</connection>
  <developerConnection>scm:hg:https://jukito.googlecode.com/hg/</developerConnection>
  <url>http://code.google.com/p/jukito/source/browse/</url>
</scm>

Then I can specify my credentials in settings.xml as such:

<server>
  <id>jukito.googlecode.com</id>
  <username>philippe.beaudoin</username>
  <password>1234567890ABC</password>
</server>