1

When running a Maven mojo in debug mode (-X), it produces this output:

[DEBUG] Configuring mojo 'at.mic.maven.plugins:release-workflow-maven-plugin:1.0.0:release' with basic configurator -->
[DEBUG]   (f) ... 
[DEBUG]   (f) password = ...
[DEBUG]   (f) user = ...
[DEBUG]   (f) ...
[DEBUG] -- end configuration --

I have defined user and password as Mojo parameters:

@Parameter(property = "password ", required = false)
String password ;

Is there a way to suppress this output of user and password in debug mode? If this is not possible for individual parameters, perhaps it is possible to prevent the complete parameter output? We're running Maven 3.6.3

Thanks in advance! Frank

Frank Winkler
  • 409
  • 6
  • 16
  • 1
    Short answer. No there is not. Apart from that a password should never being used in that way. You should go via `settings.xml` which means using the sec dispatcher instead and furthermore the parts in `settings.xml` can be encrypted. With your setup that is not possible! – khmarbaise Sep 22 '21 at 11:22
  • Thank you! Unfortunately, we need the option to specify user and password as parameters in the command line. So I can only recommend the users of my Maven plugin to avoid the debug option if they don't want to see their password in the log. – Frank Winkler Sep 23 '21 at 08:22
  • The way via command is from security point of view simply wrong... settings.xml is the way (https://maven.apache.org/guides/mini/guide-encryption.html) to go... plain text in a plugin is simply wrong..!! – khmarbaise Sep 23 '21 at 08:48

0 Answers0