Where do I put my credentials when using Ivy and a private company repository?

Question

I'm using Ant + Ivy, and my company has recently set up a Nexus server for our own private libraries. Ivy can get dependencies from the Nexus server by using a ibilio resolver and m2compatible=true, but I have to put my credentials in a ivysettings.xml file.

How are different developers supposed to store their credentials?

Is the ivysettings.xml file not supposed to be commited in vcs?

I really don't want to store my password in plain text.

Answer 1

Use a settings file with properties controlling the Nexus credentials:

<ivysettings>
    <property name="repo.host" value="default.mycompany.com" override="false"/>
    <property name="repo.realm" value="Sonatype Nexus Repository Manager" override="false"/>
    <property name="repo.user" value="deployment"  override="false"/>
    <property name="repo.pass" value="deployment123"  override="false"/>          

    <credentials host="${repo.host}" realm="${repo.realm}" username="${repo.user}" passwd="${repo.pass}"/>

    ..
    ..
</ivysettings>

When you run the build you can then specify the true username and password:

ant -Drepo.user=mark -Drepo.pass=s3Cret

Update/Enhancement

Storing passwords as properties on the file system requires encryption.

Jasypt has a command-line program that can generate encrypted strings:

$ encrypt.sh verbose=0 password=123 input=s3Cret
hXiMYkpsPY7j3aIh/2/vfQ==

This can be saved in the build's property file:

username=bill
password=ENC(hXiMYkpsPY7j3aIh/2/vfQ==)

The following ANT target will decrypt any encrypted ANT properties:

<target name="decrypt">
    <taskdef name="groovy" classname="org.codehaus.groovy.ant.Groovy" classpathref="build.path"/>

    <groovy>
    import org.jasypt.properties.EncryptableProperties
    import org.jasypt.encryption.pbe.StandardPBEStringEncryptor

    StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor()
    encryptor.setPassword(properties["master.pass"])

    Properties props = new EncryptableProperties((Properties)properties, encryptor);

    props.propertyNames().each {
        properties[it] = props.getProperty(it)
    }
    </groovy>
</target>

Of course to make this work, the password used for encrypting the properties needs to be specified as part of the build.

ant -Dmaster.pass=123

This means the solution is only good for hiding data at rest.