How to manage password in settings.xml of maven in Jenkins

Question

We use a settings.xml as 'managed file' (Global Maven settings.xml) in Jenkins.

<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
<servers>
    <server>
        <id>xxxreleases</id>
        <username>user</username>
        <password>plaintextpasswd</password> 
    </server>
    <server>
        <id>xxxsnapshots</id>
        <username>user</username>
        <password>plaintextpasswd</password>
    </server>
    ..

It contains passwords for servers and profiles in plain text. How can we encrypt or hide this password in this configuration without editing every Jenkins job (there are many jobs which are using this .xml file and it's working fine).

Answer 1

The right way to do this is to store the ID and password in the Jenkins Credentials store. Then you can inject the ID and Password into the environment either in a pipeline job using the environment{} block like:

environment{
    USER_CREDS = credentials('credential_id')
}

This will create 3 environment variables USER_CREDS (contains user:password), USER_CREDS_USR, and USER_CREDS_PSW.

With a freestyle job, use the Credential Binding Plugin to get the ID and password into the environment. Then you can use Maven's mechanism for accessing environment variables (I believe it is something like ${env.USER_CREDS_USR}).

Doing it this way makes it easy for developers to do local builds as well. They just have to set the environment variables in their local build environment.