During a Maven build, you need to connect to external repositories outside your firewall. In a tightened secured environment, any outbound connection has to go through an internal proxy server. The following configuration in MAVEN_HOME/conf/settings.xml
shows how to connect to an external repository via a secured proxy server:
<proxy> <id>internal_proxy</id> <active>true</active> <protocol>http</protocol> <username>proxyuser</username> <password>proxypass</password> <host>proxy.host.net</host> <port>80</port> <nonProxyHosts>local.net|some.host.com</nonProxyHosts> </proxy>
Also, the Maven repositories can be protected for legitimate access. If a given repository is protected with HTTP basic authentication, the corresponding credentials should be defined as shown in the following code, under the servers
element of MAVEN_HOME/conf/settings.xml
:
<server> <id>central</id> <username>my_username</username> <password>my_password</password> </server>
Keeping confidential data in configuration files in cleartext is a security threat that must be avoided. Maven provides a way of encrypting configuration data in settings.xml
.
First, we need to create a master encryption key:
$ mvn -emp mymasterpassword {lJ1MrCQRnngHIpSadxoyEKyt2zIGbm3Yl0ClKdTtRR6TleNaEfGOEoJaxNcdMr+G}
With the output from the previous command, we need to create a file called settings-security.xml
under USER_HOME/.m2/
and add the encrypted master
password there, as shown in the following code:
<settingsSecurity> <master> {lJ1MrCQRnngHIpSadxoyEKyt2zIGbm3Yl0ClKdTtRR6TleNaEfGOEoJaxNcdMr+G} </master> </settingsSecurity>
Once the master
password is configured properly, we can start encrypting rest of the confidential data in settings.xml
. Let's see how to encrypt the server password. First, we need to generate the encrypted password for the cleartext using the following command. Note that earlier we used emp
(encrypt master password) and now we are using ep
(encrypt password):
$ mvn -ep my_password {PbYw8YaLb3cHA34/5EdHzoUsmmw/u/nWOwb9e+x6Hbs=}
Copy the value of the encrypted password and replace the corresponding value in settings.xml
:
<server> <id>central</id> <username>my_username</username> <password> {PbYw8YaLb3cHA34/5EdHzoUsmmw/u/nWOwb9e+x6Hbs=} </password> </server>
18.221.66.185