maven release plugin release.properties file contains unencrypted password -

maven release plugin release.properties file contains unencrypted password -

i'm running maven release plugin (org.apache.maven.plugins:maven-release-plugin:2.3.2) , noticed password scm saved in clear text in release.properties file when passed in via command line. want know if there way turn off.

i'm using hudson automate release process, , svn username , password passed in command line via hudson. reason person doing release preparation can alter , have multiple hudson jobs sharing settings.xml release different projects.

i'm passing in parameters such as: -dtag=${svn.label} -dreleaseversion=${maven.releaseversion} -ddevelopmentversion=${maven.developmentversion} -dusername=${svn.username} -dpassword=${svn.password} -dscmcommentprefix='[maven-release-plugin] ${env.build_url} '

the release.properties file gets created during release:prepare, don't think should necessary i'm passing in info along command line. when release.properties file created includes password in plain text. problematic because it's possible utilize hudson browse workspace, access hudson can see password opening file via browser.

is there way not create release.properties file, or not save password in file? realize encrypted password saved in settings.xml file file shared among multiple jobs , not editable people running jobs.

we avoided such problems letting svn-client caching password us.

for purpose have special business relationship adequate rights in subversion.

on our build server password stored plain text svn-client in business relationship user runs hudson. it's no problem because hudson administrators have access account.

but can configure svn-client store password encrypted. configuration depends on operating system.

svn-client configuration stored in .subversion (linux) or "applicationdata/subversion" (windows).

see here, here or here.

maven-release-plugin