Externalising SCM credentials with Maven

Question

Is there a method to externalize my SCM credentials so they are not stored in the project's POM? The problem being if they're contained in the project's POM, they will be visible to all when the project is deployed.

Answer 1

This can be done for many of the SCM providers, I assume Subversion as the implementation based on your tag.

You can define your Subversion settings in $user.home/.scm/svn-settings.xml (or [maven home]/conf/.scm/svn-settings.xml, though this means they'll still be visible to users of the system)

In that file you can set your username and password for the Subversion server. The file contents should look like this:

<svn-settings>
  <user>[svn user]</user>
  <password>[svn password]</password>
</svn-settings>

You can define some other properties in that configuration file. For more details see the "Provider Configuration" section of Subversion SCM page.

Other SCM providers have a similar approach, for example in CVS the settings are stored in cvs-settings.xml in the same location (the .scm folder), see the CVS SCM page for details.

Answer 2

For some SCM providers you can specify your credentials in the <servers> section of settings.xml. As an <id> use the domain name of your repository. This works for me with mercurial. SubVersion works too.

For example, given my pom.xml contains:

<scm>
  <connection>scm:hg:http://jukito.googlecode.com/hg/</connection>
  <developerConnection>scm:hg:https://jukito.googlecode.com/hg/</developerConnection>
  <url>http://code.google.com/p/jukito/source/browse/</url>
</scm>

Then I can specify my credentials in settings.xml as such:

<server>
  <id>jukito.googlecode.com</id>
  <username>philippe.beaudoin</username>
  <password>1234567890ABC</password>
</server>

Answer 3

I realise that this question is old and the answers is accepted, but for the sake of completeness would like to provide the following alternative, which might be preferred in certain cases.

Motivation

It so sometimes happens that the same server is used for several purposes, which requires different user credentials. For example, it is used for hosting Nexus-driven Maven repository as well as an SVN server that have different credentials for the same user. In such cases, there would need to be several <server> entries with the same id and username, but different password. This, however, is not viable.

Solution

Maven release plugin supports flags username and password that can be provided as part of the release:prepare and release:perform commands. Values for username and password should match the respective SVN credentials.

mvn release:prepare -Dusername=[username] -Dpassword=[password] 

Answer 4

I've managed to get this to work by using the solution provided above i.e. adding a new server configuration to my settings.xml and giving the domain name as the id.

<server>
  <id>domain.name:port</id>
  <username>[username]</username>
  <password>[password]</password>
</server>

In addition to the previous answer, if you are specifying a port in your URL this also need to be included in the server.id. Another quirk that I found is that you need to put the password in quotes if it contains any characters that might interfere with the command line call.

You cannot use the following in your $user.home/.scm/svn-settings.xm as it is not valid! There are no such elements as <user> and <password> under <svn-settings> (as specified here )

<svn-settings>
  <user>[svn user]</user>
  <password>[svn password]</password>
</svn-settings>