what I'm trying to do is granting access to remote repository for my container with Servicemix application. I've changed the org.ops4j.pax.url.mvn.cfg, mainly the org.ops4j.pax.url.mvn.repositories variable. Added a URL of the repository there with #id. It's probably not working because it has no access to that. What's the best approach, how could I grant access?
Related
I have a spring boot application where I am using some aws services.
The code in openly available in Git.
I don't want to commit AWS secret and access keys which are part of application.properties. I can't add to .gitignore as I want to commit other values of application.properties.
Many are committing to this repo. We are adding these aws keys in local and making sure its not added as part of any commit.
I want to make sure the aws keys in application.properties should not come to git at any cost. Which is the best way to manage these secret keys.?
You shouldn't be placing AWS API keys in application.properties at all. If the application is running on AWS it should be using the IAM role of the server it is running on. If it is not running on AWS it should probably be using environment variables.
Please review the documentation on this subject here.
Thanks to #Mark B. I would prefer using Java system properties as we can maintain them at application level. Env variables will be at system level which is not really needed and it may lead to conflicts.
while running an spring-boot jar with mvn, it can be done as below
mvn spring-boot:run -Dspring-boot.run.jvmArguments="-Daws.accessKeyId=XXXXXXXXXXX -Daws.secretKey=XXXXXXXXXXX"
if running for IDE like Eclipse or IntelliJ, it should be added as VM Options.
-Daws.accessKeyId=XXXXXXXXXXX -Daws.secretKey=XXXXXXXXXXXX
After this AWS client object can be built as usual.
As an example,
SNS client can be build by
AmazonSNS snsClient = AmazonSNSClient.builder().withRegion(Regions.US_EAST_1).build();
SES client can be built by
AmazonSimpleEmailService emailClient = AmazonSimpleEmailServiceClientBuilder.standard().withRegion(Regions.US_EAST_1).build();
Some of my services require API secrets in their configurations. My project is open source, so I cannot store these secrets in the main repository.
Spring Cloud Config has the ability to connect to a private git repository to retrieve the secret configuration, but to do so requires credentials which I, again, cannot store in the main repository.
What is the best practice for storing secrets in an open source application when using Spring Cloud Config?
In both open source and closed source applications, credentials should not be stored with the source code.
Multiple solutions exist to store credentials, you can store them into environment variables, into a property file added in .gitignore or if you want a more elaborate solution you can use a dedicated tool such as HashiCorp Vault. There is an interesting official Spring blog post exploring this solution : Managing Secrets with Vault.
I need to host several jar files in maven repository. There are may free web hosting companies which provide free web space. Do I need some special configuration to create a simple maven repository and upload maven jars?
In essence, a Maven repository is simply a place to store and retrieve files from. Nowadays, this is mainly done via the HTTP protocol. In an over-simplified example (as it was in the early days of Maven), things were simply hosted in a web server - you would deploy them via an HTTP PUT and retrieve them over HTTP GET. As things evolved, Maven artifact repository managers evolved and they started keeping record of various kinds of metadata.
As an over-simplified answer: if you have a proper <distributionManagement/> and <repositories/> section in your pom.xml and you can issue HTTP PUT and HTTP GET operations against a web server, then you can store these artifacts in a web server, if you really don't want to use an artifact repository manager (which is not really advisable, but hey, who am I to stop you?!). Clearly, this example doesn't cover adding credentials (which is handled by the Maven settings.xml's <servers/> id mappings to <repository/> id-s.
If your free hosting service allows you to install an artifact repository manager, you should consider picking one and installing it.
I have a central Maven repository which is shared by more than one Projects within the Company LAN. Now, I need to have an artifact which is licensed for a single Project, to be placed in the shared repository.
Is it possible set authorized access to that artifact, the credential can ideally be in the pom file of the desired project.
Any better solution is more than welcome.
Maven doesn't handle access rights in repositories, since it's just a client fetching data from a server. If you're using a repository manager, read its documentation. If you're just hosting files behind an Apache HTTPD server, then configure HTTPD.
Alternatively, you could move that file in a separate repository, and configure just one project's POM to use it. This doesn't fix the fact that the repository will continue to be public, so other projects/teams could get to it if they really want to.
we have a settings.xml on a build server that restricts access to outside repositories and forces access to a local repository.
with the cooperation of the policy makers behind this, we are investigating the possibility to selectively (from a project's pom.xml) enable outside repository access.
is this possible? if so, would it be as simple as configuring the repository in the pom.xml?
I'm afraid it isn't possible. You need to specify an alternative settings.xml on the command line.