Important:
Maven's password encryption feature provides obfuscation, not true security.
It protects against casual viewing but can be easily decrypted by anyone with access to your system and Maven installation.
See the official Maven documentation for comprehensive information:
https://maven.apache.org/guides/mini/guide-encryption.html
Available Options:
-emp,--encrypt-master-password <arg> Encrypt master security password
-ep,--encrypt-password <arg> Encrypt server password
To encrypt passwords in your Maven
settings.xml file,
you must first create a Maven
master password
which Maven will use to encrypt and decrypt your passwords:
$ mvn --encrypt-master-password my-master-password
{wJ/n72ck7SoHf+oKi74V0/aNPw8y5qr8c/biQsjpEFZzLV1YaTFC1ns1cnoBIh0w}
Next, create the file
${user.home}/.m2/settings-security.xml
and add the encrypted master password:
$ vi ${user.home}/.m2/settings-security.xml
<settingsSecurity>
<master>{wJ/n72ck7SoHf+oKi74V0/aNPw8y5qr8c/biQsjpEFZzLV1YaTFC1ns1cnoBIh0w}</master>
</settingsSecurity>
Now you can encrypt individual passwords using:
$ mvn --encrypt-password my-password
{COQLCE6DU6GtcS5P=}
Replace the clear text passwords in your
settings.xml file with the encrypted versions. For example:
<servers>
<server>
<id>my-server></id>
<username>my-username</username>
<password>{COQLCE6DU6GtcS5P=}</password>
</server>
</servers>
Maven automatically detects encrypted passwords (enclosed in curly braces) and decrypts them using the master password when needed.