The Liquibase Maven plugin requires us to specify the password of the database schema for which we want to execute a series of database scripts. It seems that the password attribute in the configuration section of the Maven plugin only accepts plain-text passwords. This is absolutely not desirable in enterprise environments. Luckily, we can take advantage of Maven’s standard solution for password encryption, a feature that was introduced in Maven 2.1.0. Follow the six steps below to encrypt the database schema passwords in your POM build files.
1. Create a master password
Nicks-MacBook-Pro:~ Nick$ mvn --encrypt-master-password KtYBh74mpV8z1 {RIqwhZRFZ9MHE/zW397B1+Ot5LJj+Zw3OZgjFm6RVrg=}
2. Store the encrypted master password in ~/.m2/settings-security.xml
<settingsSecurity> <master>{RIqwhZRFZ9MHE/zW397B1+Ot5LJj+Zw3OZgjFm6RVrg=}</master> </settingsSecurity>
3. Encrypt your database schema password
Nicks-MacBook-Pro:~ Nick$ mvn --encrypt-password secret123 {XGT3mXzvufcHgue0BIP8F5v2TpxvIgP0aTFgNmtvZMA=}
The Liquibase Maven plugin cannot directly use the encrypted password. The plugin would just treat it as a plain-text password. We have to make a detour by defining the encrypted password in a <server> element within the settings.xml file.
4. Store the encrypted password in ~/.m2/settings.xml under the <servers> element
<server> <id>demo_prd</id> <username>prd_apex_maven_demo</username> <password>{XGT3mXzvufcHgue0BIP8F5v2TpxvIgP0aTFgNmtvZMA=}</password> </server>
5. Include the servers-maven-extension in the build section of your POM file
The servers-maven-extension allows us to reference the content of the above <server> element from our POM files. The password defined in the <server> element is not being treated as plain text.
<build> ... <extensions> ... <extension> <groupId>com.github.shyiko.servers-maven-extension</groupId> <artifactId>servers-maven-extension</artifactId> <version>1.3.0</version> </extension> ... </extensions> ... </build>
6. Reference the server’s <password> element in your Liquibase configuration
<configuration> ... <password>${settings.servers.demo_prd.password}</password> ... </configuration>
test
LikeLike