The Liquibase Maven plugin requires us to specify the password of the database schema for which we want to execute a series of database scripts. It seems that the password attribute in the configuration section of the Maven plugin only accepts plain-text passwords. This is absolutely not desirable in enterprise environments. Luckily, we can take advantage of Maven’s standard solution for password encryption, a feature that was introduced in Maven 2.1.0. Follow the six steps below to encrypt the database schema passwords in your POM build files.

1. Create a master password
Nicks-MacBook-Pro:~ Nick$ mvn --encrypt-master-password KtYBh74mpV8z1
2. Store the encrypted master password in ~/.m2/settings-security.xml
3. Encrypt your database schema password
Nicks-MacBook-Pro:~ Nick$ mvn --encrypt-password secret123

The Liquibase Maven plugin cannot directly use the encrypted password. The plugin would just treat it as a plain-text password. We have to make a detour by defining the encrypted password in a <server> element within the settings.xml file.

4. Store the encrypted password in ~/.m2/settings.xml under the <servers> element
5. Include the servers-maven-extension in the build section of your POM file

The servers-maven-extension allows us to reference the content of the above <server> element from our POM files. The password defined in the <server> element is not being treated as plain text.

6. Reference the server’s <password> element in your Liquibase configuration