Password encryption in the Liquibase Maven plugin

The Liquibase Maven plugin requires us to specify the password of the database schema for which we want to execute a series of database scripts. It seems that the password attribute in the configuration section of the Maven plugin only accepts plain-text passwords. This is absolutely not desirable in enterprise environments. Luckily, we can take advantage of Maven’s standard solution for password encryption, a feature that was introduced in Maven 2.1.0. Follow the six steps below to encrypt the database schema passwords in your POM build files.

1. Create a master password

Nicks-MacBook-Pro:~ Nick$ mvn --encrypt-master-password KtYBh74mpV8z1
{RIqwhZRFZ9MHE/zW397B1+Ot5LJj+Zw3OZgjFm6RVrg=}

2. Store the encrypted master password in ~/.m2/settings-security.xml

<settingsSecurity>
  <master>{RIqwhZRFZ9MHE/zW397B1+Ot5LJj+Zw3OZgjFm6RVrg=}</master>
</settingsSecurity>

3. Encrypt your database schema password

Nicks-MacBook-Pro:~ Nick$ mvn --encrypt-password secret123
{XGT3mXzvufcHgue0BIP8F5v2TpxvIgP0aTFgNmtvZMA=}

The Liquibase Maven plugin cannot directly use the encrypted password. The plugin would just treat it as a plain-text password. We have to make a detour by defining the encrypted password in a <server> element within the settings.xml file.

4. Store the encrypted password in ~/.m2/settings.xml under the <servers> element

<server>
  <id>demo_prd</id>
  <username>prd_apex_maven_demo</username>
  <password>{XGT3mXzvufcHgue0BIP8F5v2TpxvIgP0aTFgNmtvZMA=}</password>
</server>

5. Include the servers-maven-extension in the build section of your POM file

The servers-maven-extension allows us to reference the content of the above <server> element from our POM files. The password defined in the <server> element is not being treated as plain text.

<build>
  ...
  <extensions>
    ...
    <extension>
      <groupId>com.github.shyiko.servers-maven-extension</groupId>
      <artifactId>servers-maven-extension</artifactId>
      <version>1.3.0</version>
    </extension>
    ...
  </extensions>
  ...
</build>

6. Reference the server’s <password> element in your Liquibase configuration

<configuration>
  ...
  <password>${settings.servers.demo_prd.password}</password>
  ...
</configuration>

	APEX-poznámky… on Recover a deleted APEX page or…
	tienthanhpham on HTML5 camera integration in Or…
	Dirk on Version 3.0 of the Select2 APE…
	Nick Buytaert on Version 3.0 of the Select2 APE…
	Dirk on Version 3.0 of the Select2 APE…

APEXPLAINED

Ohh my… yet another silly word play on APEX

Password encryption in the Liquibase Maven plugin

1. Create a master password

2. Store the encrypted master password in ~/.m2/settings-security.xml

3. Encrypt your database schema password

4. Store the encrypted password in ~/.m2/settings.xml under the <servers> element

5. Include the servers-maven-extension in the build section of your POM file

6. Reference the server’s <password> element in your Liquibase configuration

Resources

2 thoughts on “Password encryption in the Liquibase Maven plugin”

1. Create a master password

2. Store the encrypted master password in ~/.m2/settings-security.xml

3. Encrypt your database schema password

4. Store the encrypted password in ~/.m2/settings.xml under the <servers> element

5. Include the servers-maven-extension in the build section of your POM file

6. Reference the server’s <password> element in your Liquibase configuration

Resources

Share this:

Like this:

Related

2 thoughts on “Password encryption in the Liquibase Maven plugin”