The Liquibase Maven plugin requires us to specify the password of the database schema for which we want to execute a series of database scripts. It seems that the password attribute in the configuration section of the Maven plugin only accepts plain-text passwords. This is absolutely not desirable in enterprise environments. Luckily, we can take advantage of Maven’s standard solution for password encryption, a feature that was introduced in Maven 2.1.0. Follow the six steps below to encrypt the database schema passwords in your POM build files.

1. Create a master password
Nicks-MacBook-Pro:~ Nick$ mvn --encrypt-master-password KtYBh74mpV8z1
{RIqwhZRFZ9MHE/zW397B1+Ot5LJj+Zw3OZgjFm6RVrg=}
2. Store the encrypted master password in ~/.m2/settings-security.xml
<settingsSecurity>
  <master>{RIqwhZRFZ9MHE/zW397B1+Ot5LJj+Zw3OZgjFm6RVrg=}</master>
</settingsSecurity>
3. Encrypt your database schema password
Nicks-MacBook-Pro:~ Nick$ mvn --encrypt-password secret123
{XGT3mXzvufcHgue0BIP8F5v2TpxvIgP0aTFgNmtvZMA=}

The Liquibase Maven plugin cannot directly use the encrypted password. The plugin would just treat it as a plain-text password. We have to make a detour by defining the encrypted password in a <server> element within the settings.xml file.

4. Store the encrypted password in ~/.m2/settings.xml under the <servers> element
<server>
  <id>demo_prd</id>
  <username>prd_apex_maven_demo</username>
  <password>{XGT3mXzvufcHgue0BIP8F5v2TpxvIgP0aTFgNmtvZMA=}</password>
</server>
5. Include the servers-maven-extension in the build section of your POM file

The servers-maven-extension allows us to reference the content of the above <server> element from our POM files. The password defined in the <server> element is not being treated as plain text.

<build>
  ...
  <extensions>
    ...
    <extension>
      <groupId>com.github.shyiko.servers-maven-extension</groupId>
      <artifactId>servers-maven-extension</artifactId>
      <version>1.3.0</version>
    </extension>
    ...
  </extensions>
  ...
</build>
6. Reference the server’s <password> element in your Liquibase configuration
<configuration>
  ...
  <password>${settings.servers.demo_prd.password}</password>
  ...
</configuration>
Resources
Advertisements