How to sign jar using jarsign without providing -storepass?

Question

Using jarsign without -storepass will prompt for the keystore password, which will break our automated build (no human intervention)

If we use jarsign with -storepass, then this will effectively log the password in cleartext in the build log.

Is there another way to pass storepass without using the command-line?

Answer 1

I wrote a script to call jarsign.

So in the build log, we only see the wrapper script.

Storepass is piped to jarsign so it's not visible on the command-line (as @Perception suggested).

Answer 2

If you use Maven you could try with the Jarsigner Plugin. There you could load the storepass from a property defined in your settings.xml