Securing Server Passwords

This section describes how to create a master password, encrypt the master and server passwords, and keep the master password on a removable drive.

The password encryption feature provides the following:

  • Authorized users will have the settings-security.xml file in the ~/.m2 folder. This file:
    • contains the encrypted master password
    • can be used for encrypting other passwords
    • includes a relocation or reference to another file, possibly on a removable drive

    Note: For now, you create the password through the command line interface.

  • Server entries in the settings.xml have encrypted passwords and/or keystore passphrases.

Creating a Master Password

To create a master password, follow these steps:

  1. Execute the following command:
    mvn --encrypt-master-password <password>
  2. Executing the command provides an encrypted version of the password. For example:
    {jSMOWnoPFgsHVpMvz5VrIt5kRbzGpI8u+9EF1iFQyJQ=}
  3. Save the encrypted password in ~/.m2/settings-security.xml. For example:
    <settingsSecurity>
      <master>{jSMOWnoPFgsHVpMvz5VrIt5kRbzGpI8u+9EF1iFQyJQ=}</master>
    </settingsSecurity>

    Note: Once you have created the master password, you can now start encrypting existing server passwords.

Encrypting Server Passwords

To encrypt server passwords, perform these steps:

  1. Execute the following command:
    mvn --encrypt-password <password>
  2. Executing the command provides an encrypted version of the password. For example:
    {COQLCE6DU6GtcS5P=}
  3. Save the encrypted password in the server section of the settings.xml file. For example:
    <settings>
    ...
      <servers>
    ...
        <server>
          <id>my.server</id>
          <username>foo</username>
          <password>{COQLCE6DU6GtcS5P=}</password>
        </server>
    ...
      </servers>
    ...
    </settings>

    Note: You can add any information outside the password's curly brackets. For example:

    <settings>
    ...
      <servers>
    ...
        <server>
          <id>my.server</id>
          <username>foo</username>
          <password>Please reset this password {COQLCE6DU6GtcS5P=}</password>
        </server>
    ...
      </servers>
    ...
    </settings>

    You can now deploy to the server without keeping a plaintext password in settings.xml. All passwords are encrypted.

Keeping the Master Password in a Removable Drive

Perform these steps:

  1. Create the master password. See "Creating a Master Password" above.
  2. Save the encrypted password in the settings-security.xml file stored on the removable drive. For example:
    <settingsSecurity>
      <master>{jSMOWnoPFgsHVpMvz5VrIt5kRbzGpI8u+9EF1iFQyJQ=}</master>
    </settingsSecurity>
  3. Create ~/.m2/settings-security.xml with the following content:
    <settingsSecurity>
      <relocation>/[removable_drive_directory]/settings-security.xml</relocation>
    </settingsSecurity>

    Note: With this setup, password encryption only works while the removable drive is mounted.
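
The following is an added example, not part of the original documentation or of Maven itself: a Python audit that flags server entries in settings.xml whose password or passphrase carries no encrypted {...} value, and reports whether settings-security.xml holds the master password or relocates it. The function names and the sample XML are constructed for illustration; the encrypted sample values are the ones shown on this page.

```python
import re
import xml.etree.ElementTree as ET

# Encrypted values are wrapped in curly brackets; text outside them is allowed.
# Heuristic: a plaintext secret that itself contains "{...}" would be missed.
ENCRYPTED = re.compile(r"\{[^{}\s]+\}")

def _local(tag):
    """Strip an XML namespace, if any, from a tag name."""
    return tag.rsplit("}", 1)[-1]

def audit_settings(settings_xml):
    """Return (server id, field) pairs whose secret lacks an encrypted {...} value."""
    findings = []
    for server in ET.fromstring(settings_xml).iter():
        if _local(server.tag) != "server":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in server}
        for name in ("password", "passphrase"):
            if fields.get(name) and not ENCRYPTED.search(fields[name]):
                findings.append((fields.get("id", "?"), name))
    return findings

def master_location(security_xml):
    """Return ("relocation", path), ("master", None) or ("missing", None)."""
    root = ET.fromstring(security_xml)
    fields = {_local(c.tag): (c.text or "").strip() for c in root}
    if fields.get("relocation"):
        return ("relocation", fields["relocation"])
    if ENCRYPTED.search(fields.get("master", "")):
        return ("master", None)
    return ("missing", None)

# Constructed sample input (valid XML; encrypted values are this page's examples).
SAMPLE_SETTINGS = """<settings><servers>
  <server><id>my.server</id><username>foo</username>
    <password>{COQLCE6DU6GtcS5P=}</password></server>
  <server><id>noted.server</id><username>foo</username>
    <password>Please reset this password {COQLCE6DU6GtcS5P=}</password></server>
  <server><id>legacy.server</id><username>foo</username>
    <password>constructed-plaintext</password></server>
</servers></settings>"""
SAMPLE_SECURITY = """<settingsSecurity>
  <relocation>/[removable_drive_directory]/settings-security.xml</relocation>
</settingsSecurity>"""

if __name__ == "__main__":
    for server_id, field in audit_settings(SAMPLE_SETTINGS):
        print(f"{server_id}: <{field}> is not encrypted")
    print("master password:", master_location(SAMPLE_SECURITY))
```

To check real files, pass the contents of ~/.m2/settings.xml and ~/.m2/settings-security.xml to the two functions.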