I would like to use Maven's password encryption such as it uses for nodes for properties of a Mojo. I tried just pasting an encrypted password into the correct property for the mojo, but it treated it as plain text. I was hoping there was an attribute I could set on the annotation for the Mojo property that would explain that it could be encrypted, and if so, to use the system master password to decrypt, but I don't see anything in the documentation for that.
Has anybody managed to use Maven's password encryption for anything other than server password nodes? Would love to make this work for my Mojo.
When you run a Maven build that needs to interact with the repository manager, Maven will retrieve the Master password from the ~/. m2/settings-security. xml file and use this master password to decrypt the password stored in your ~/. m2/settings.
How to create a master password. Use the following command line: mvn --encrypt-master-password <password>
Passwords are encrypted by the MD5 hash algorithm before they are stored in the directory. Passwords are encrypted by the SHA-1 encrypting algorithm before they are stored in the directory.
You can enable strong, reversible 128-bit Advanced Encryption Standard (AES) password encryption, also known as type-6 encryption. To start using type-6 encryption, you must enable the AES password encryption feature and configure a primary encryption key, which is used to encrypt and decrypt passwords.
Not a complete answer, but hopefully a pointer in the right direction...
The maven-scm-plugin, maven-release-plugin, and tomcat6-maven-plugin all allow for reading passwords from the <servers> section of the ${user.home}/.m2/settings.xml file.  
Perhaps if you look at the source code for those plugins/goals, you will find a Maven core or shared component that allows you to do what you want, and you may adapt it for your needs.
@user944849 got me started in the right direction, and here's the solution.
If you're using Maven 2, you need to add the following dependency to your mojo:
<dependency>
  <groupId>org.sonatype.plexus</groupId>
  <artifactId>plexus-sec-dispatcher</artifactId>
  <version>1.4</version>
  <scope>compile</scope>
</dependency>
And put the following in src/main/resources/META-INF/plexus/components.xml:
<?xml version="1.0" encoding="utf-8" ?>
<component-set>
  <components>
    <component>
      <role>org.sonatype.plexus.components.sec.dispatcher.SecDispatcher</role>
      <role-hint>mng-4384</role-hint>
      <implementation>org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher</implementation>
      <requirements>
        <requirement>
          <role>org.sonatype.plexus.components.cipher.PlexusCipher</role>
          <role-hint>mng-4384</role-hint>
          <field-name>_cipher</field-name>
        </requirement>
      </requirements>
      <configuration>
        <_configuration-file>~/.m2/settings-security.xml</_configuration-file>
      </configuration>
    </component>
    <component>
      <role>org.sonatype.plexus.components.cipher.PlexusCipher</role>
      <role-hint>mng-4384</role-hint>
      <implementation>org.sonatype.plexus.components.cipher.DefaultPlexusCipher</implementation>
    </component>
  </components>
</component-set>
Then in your Mojo, get the password as an ordinary property, and a SecDispatcher as a component with the same roleHint. The decrypt method on the String will return the string itself if it's not a Maven encrypted string.
import org.apache.maven.plugin.AbstractMojo;
import org.apache.maven.plugin.MojoExecutionException;
import org.sonatype.plexus.components.sec.dispatcher.SecDispatcher;
import org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException;
/**
 * @goal echopass
 * 
 * @phase process-sources
 */
public class MyMojo extends AbstractMojo {
  /**
  * The password
  * @parameter expression="${password}"
  */
  private String password;
  /**
   * Plexus component for the SecDispatcher
   * @component roleHint="mng-4384"
   */
  private SecDispatcher secDispatcher;
  private String decrypt(String input) {
    try {
      return secDispatcher.decrypt(input);
    } catch (SecDispatcherException sde) {
      getLog().warn(sde.getMessage());
      return input;
    }
  }
  public void execute() throws MojoExecutionException {
    String s = decrypt(password);
    getLog().info("The password is " + s);
  }
}
The string can be in a property in settings.xml, in a Profile, or you can even pass an encrypted string as a system property on the command-line.
References:
Take a look at this code as a sample SqlExecMojo. If you are in a plugin you can get the password and decrypt it. If you want to use it for filtering properties in the resource plugin we would probably need to write a custom version of the resources plugin. I have a similar problem may end up doing this.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With