Maven | Encrypt clear text passwords in settings.xml
  1. Encrypt passwords
  2. Recover/Decrypt passwords
  1. Encrypt passwords
    See this page for information: http://maven.apache.org/guides/mini/guide-encryption.html

    To encrypt passwords in the file settings.xml, you need, first, to create a Maven master password which will be used by Maven to encrypt/decrypt your passwords:

    Then you need to create a new file ${HOME}/.m2/settings-security.xml and add to it the master password as following:

    Once done you can encrypt your passwords using the following command:

    Copy the generated password and replace its, clear text, occurrence in the file settings.xml.

    Maven will be aware that the password was encrypted and will use the master password to decrypt it when it needs to have access to the clear text password.

    Note: The password is an optional argument for the commands mvn -emp and mvn -ep. If you omit the password, you will be prompted for it. This will avoid the need to escape any special character in your password. Also it will avoid that the shell stores your password in its history of commands.
  2. Recover/Decrypt passwords
    Please note that someone that has access to the VM where Maven is installed can easily decrypt the passwords in the file settings.xml. One way to address that is to add a relocation element in the file settings-security.xml that points to another protected file that contains the master password.

    If you need to recover your passwords that you stored in the files settings.xml and settings-security.xml, you can use this tool http://github.com/jelmerk/maven-settings-decoder.

    Once you have downloaded the maven-settings-decoder tool and extract its content, you can execute it against the two settings xml files, as following:
© 2025  mtitek