apigee-deploy-maven-plugin
Deploy mojo should use maven's encrypted password functionality
Maven's configuration allows servers to include encrypted passwords as part of the config.
http://maven.apache.org/settings.html#Servers
We should update the plugin to read the encrypted profile data, to adhere to PCI and HIPAA rules, as well as just good operational practice.
See the following snippets of a deployer mojo that uses this functionality:
https://github.com/mojohaus/sql-maven-plugin/blob/447cacdcedfb8334f5ed287cba8b9ecd8f22872b/src/main/java/org/codehaus/mojo/sql/SqlExecMojo.java#L119
https://github.com/mojohaus/sql-maven-plugin/blob/447cacdcedfb8334f5ed287cba8b9ecd8f22872b/src/main/java/org/codehaus/mojo/sql/SqlExecMojo.java#L878
Hi @paulprogrammer, you can still do it using profiles within your settings.xml. That's how I have been using it.
In your project's pom.xml, say you have the following profile:
```xml
<profile>
  <id>test</id>
  <properties>
    <apigee.profile>test</apigee.profile>
    <apigee.env>test</apigee.env>
    <apigee.hosturl>https://api.enterprise.apigee.com</apigee.hosturl>
    <apigee.apiversion>v1</apigee.apiversion>
    <apigee.org>${org}</apigee.org>
    <apigee.username>${username}</apigee.username>
    <apigee.password>${password}</apigee.password>
    <apigee.options>update</apigee.options>
    <api.northbound.domain>${org}-test.apigee.net</api.northbound.domain>
    <api.testtag>~@wip</api.testtag>
  </properties>
</profile>
```
You can include a settings.xml in your ~/.m2 directory and externalize all of these params so that you don't have to pass them.
For example:
```xml
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                              https://maven.apache.org/xsd/settings-1.0.0.xsd">
  <profiles>
    <profile>
      <id>test</id>
      <properties>
        <org>apigeeOrg</org>
        <username>[email protected]</username>
        <password>secret</password>
        <env>test</env>
      </properties>
    </profile>
  </profiles>
  <activeProfiles>
    <activeProfile>test</activeProfile>
  </activeProfiles>
</settings>
```
Once you have this, you can just execute `mvn clean install -Ptest`. The properties are automatically picked from settings.xml and applied.
Or else you can use OAuth tokens where these passwords are not needed to be passed.
@paulprogrammer - will the above comment help, or are you looking for anything in particular? If not, please close this issue.
Sai,
This helps, but it still requires that the usernames and secrets are kept in cleartext on the developer's machine.
Maven has a feature for encrypted passwords (https://maven.apache.org/guides/mini/guide-encryption.html) that would be a more complete solution to the problem.
Paul Williams
Partner Certification and Enablement
Google Cloud API Platform (Apigee)