How to use Jenkins credentials when running `mvn deploy`?

Question

I have a Maven project and want to build it using mvn clean deploy so that the built artifact is deployed into a Nexus repository.

The access data (username and password) for that repository are stored in Jenkins credentials.

I want to call mvn deploy in Jenkins so that the credentials for that Nexus repository are read from Jenkins (not hardcoded in settings.xml).

How can I do it, if I cannot access settings.xml on the Jenkins server?

Update 1:

I created an entry in "Config File Management" (JENKINS_URL/configfiles/index) with following data:

Type: Maven settings.xml

Replace All: Yes

Server ID: myServer

Credentials: Credentials for the Nexus repository

Content:

<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" 
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">

  <servers>
    <server>
      <id>myServer</id>
      <username>foo</username>
      <password>bar</password>
    </server>
  </servers>
</settings>

myServer is also used in the pom.xml of the artifact I want to build:

    <distributionManagement>
        <repository>
            <id>myServer</id>
            <url>http://nexus.mycompany.com</url>
        </repository>
    </distributionManagement>

In the configuration of the job, I include those settings as shown below. Nexus settings.xml is the configuration from "Config File Management".

But it does not work -- I get "Forbidden" error when the build attempts to deploy artifacts to Nexus.

Update 2: When I run mvn -X deploy locally with the same credentials as in Jenkins (stored in my local settings.xml), I see following output:

[DEBUG] Failed to decrypt password for server XXX release repository: org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException: java.io.FileNotFoundException: /XXXXXXXXXXXXXXX/.m2/settings-security.xml (No such file or directory)
org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException: org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException: java.io.FileNotFoundException: /XXXXXXXXXXXXXXX/.m2/settings-security.xml (No such file or directory)
    at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt(DefaultSecDispatcher.java:121)
    at org.apache.maven.settings.crypto.DefaultSettingsDecrypter.decrypt(DefaultSettingsDecrypter.java:107)
    at org.apache.maven.settings.crypto.DefaultSettingsDecrypter.decrypt(DefaultSettingsDecrypter.java:63)
    at org.apache.maven.internal.aether.DefaultRepositorySystemSessionFactory.newRepositorySession(DefaultRepositorySystemSessionFactory.java:165)

However, the password in settings.xml is not encrypted at all:

<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                  https://maven.apache.org/xsd/settings-1.0.0.xsd">
<localRepository/>
<interactiveMode/>
<offline/>
<pluginGroups/>
<servers>
  <server>
    <id>NEXUS_REPOSITORY_SNAPSHOTS</id>
    <username>user</username>
    <password>password</password>
  </server>
</servers>
<mirrors/>
<proxies/>
<profiles/>
<activeProfiles/>
</settings>

I found a report about similar error here.

Answer 1

You can use the Jenkins config-file-provider plugin ( link: https://plugins.jenkins.io/config-file-provider/ ) to create one or several Maven settings.xml files.

NOTE: Really this helps also if you need differents settings.xml for different projects.

Then on the maven deploy step of your Jenkins project you can select to point to one of the settings.xml files defined ( instead of pointing to the general Jenkins server /.m2/settings.xml )