Is there a method to externalize my SCM credentials so they are not stored in the project's POM? The problem being if they're contained in the project's POM, they will be visible to all when the project is deployed.
For some SCM providers you can specify your credentials in the <servers>
section of settings.xml
. As an <id>
use the domain name of your repository. This works for me with mercurial. SubVersion works too.
For example, given my pom.xml
contains:
<scm>
<connection>scm:hg:http://jukito.googlecode.com/hg/</connection>
<developerConnection>scm:hg:https://jukito.googlecode.com/hg/</developerConnection>
<url>http://code.google.com/p/jukito/source/browse/</url>
</scm>
Then I can specify my credentials in settings.xml
as such:
<server>
<id>jukito.googlecode.com</id>
<username>philippe.beaudoin</username>
<password>1234567890ABC</password>
</server>