Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • keep SecDispatcher but use 2.1+ (this requires full re-encryption) with one change: require GPG present on workstation (anyway is, if signing or releases happen from workstation) and use GPG Agent to store master password (instead as today, a file on disk). The GPG Agent could prompt once for password and "remember" it for login session duration.
  • Integrate something like https://github.com/gaborbata/jpass
  • Come up with something completely new?

Ideally we should come up with something simple and "cheap" (implementation effort wise), hence my personal preference would be really (mis)use of GPG Agent. IMHO, if Maven user requires encryption of his settings.xml, this would be low barrier to jump. For plaintext users nothing would change, of course.