Recover a Maven encrypted password? - maven

I have Maven set up for password encryption with a master password, and some time ago I encrypted a password with that and stored it in my settings.xml. The password is successfully in use by Maven plugins.
Now I want to recover that password for use outside Maven (performing an operation manually using a web browser). Is there a command to simply print the decrypted version of a server password?

Use the maven-settings-decoder tool.

Related

Maven - Password Encryption

I am new to Maven and trying to understand the password encrytion.
I have installed maven and created .m2 folder and inside settings.xml and settings-security.xml.In the settings I have proxies where I give the server password. And in the settings-security I give the master password.
My question: what is this master password and server password for? I understand from the document that the password are encryted and saved as master password. My doubt is how does this master password and server password works in a simple flow.
Can these passwords be a random one or should it be a login password to the server.
Thank you.

SonarQube(Version 5.4) LDAP Integration plugin

I've installed the LDAP Integration plugin in SonarQube(Version 5.4) and restarted the server.
I didn't make any changes to config file.
When I try to login, a credential prompt pops up, here I enter the same credentials I use to login to server. But even after this the sonarqube console asks me for a username and a password, this is the sonarqube username and password not the windows one's.
Do I need to make any changes for SonaQube to use windows credentials? or is it just ldap?
Please let me know if I'm missing something here.

Recover ansible-vault password in case password is forgotten

I am using ansible-vault to set password protect var/main.yml file.
Now I can push my source code in source control system. After that deploys in production server. Suppose somebody manipulate the password or forgot the password. Is there any way to recover ansible-vault
password or set the new password again without asking the old password?
Thanks in advance
Unless you brute force the password there is no way to recover it.
I suggest you use a password manager to store your password and share the password database within your organization. For example, you could store the password in a password service which has email or SMS reset option to recover the user account, though this might not be very good idea for high security environments.

How to check if a svn command needs authentication

Is there any possible way to check if a SVN update needs authentication or not?
Scenario : I have written a ruby GUI app which updates SVN repositories (from a static path) in a scheduled manner. This executes as a windows service. Also have tortoisesvn installed.
In ruby when I execute
svn update local_path_to_repository --username user --password password in my script then it works fine as I am passing the username & password with the update command.
But, tortoisesvn saves the password (by caching password, using standard Windows cryptography services to encrypt the password on disk) when I checkout the repository for the first time so I don't necessarily need to pass the username and password every time. Thus I just have svn update local_path_to_repository in my script.
Issue: This works fine until I change my LDAP password. Once my LDAP password is changed all the repository fails to get updated as it is requesting for the new password but there is no user interface for passing the new password.
I need to build the username and password UI only when svn updates needs those credentials but not always. How do I achieve this?
Update : Reading from the SVN book. I Understood that:
The client checks whether the user specified any credentials as command-line options (--username and/or --password). If not, or if these options fail to authenticate successfully, then
The client looks up the server's hostname, port, and realm in the runtime auth/ area, to see if the user already has the appropriate credentials cached. If not, or if the cached credentials fail to authenticate, then
Finally, the client resorts to prompting the user (unless instructed not to do so via the --non-interactive option or its client-specific equivalents).
But I did not find a way to check if authentication is required.
Can anyone please help me!
So I finally found a work around by doing:
output = `svn update "#{repo_path}" --non-interactive 2>&1`
check_authentication = output.include?("Authentication failed")
if check_authentication returns true meaning authentication has failed then I build the GUI for entering the new password and send it to the user.

How to make mvn deploy prompt for password?

I'm currently storing my maven credentials in ~/.m2/settings.xml:
<server>
<id>my_server_id</id>
<username>my_username</username>
<password>my_password</password>
</server>
However, I'm not satisfied with having the password in clear text, since the password is used for other services, so I'd rather prompt the user for the password when doing a mvn deploy. I'm deploying to a Nexus OSS install via https.
I know that the password can be encrypted, but since the encryption is reversible, this solution is not appropriate for my case.
Is there a way to make Maven prompt for a password when doing an https deploy?
As mentioned this functionality is currently not supported in the plugin. Issue MDEPLOY-51 actually asks for this improvement:
Allow the user to supply a user name password for a remote server when
the deploy goal is called. Currently you have to add the repository
username and password to the server.xml file. It would be helpful if
the user could be prompted for a username and password on the command
line. The password should be hidden when it is entered.
I would suggest voting for this improvement, or possibly implement the functionality yourself.
The maven-deploy-plugin doesn't have an interactive mode, so no, you can't do this easily. The usual approach is to encrypt the credentials in your settings.xml file.
If you really feel you need this feature, you can always checkout the sources of the plugin and add interactive mode yourself and then contribute it back to the community.
As an alternative to querying the user at run time, you can pass the username and password as args.
Try this mvn whatevergoal -Dusername -Dpassword
then inside the pom.xml ${username} and ${password}

Resources