Gradle Credentials Plugin - gradle-credentials-plugin
Plugin Introduction
gradle-credentials-plugin is a Gradle plugin that stores and accesses encrypted credentials using password-based encryption (PBE).
This plugin lets you configure authentication tokens, passwords, and account values in a Gradle build script in encrypted form, without exposing them directly.
The official repository is as follows.
Basic Plugin Configuration
Create a Credentials Example Program
First, create a project.
% mkdir gradle-credentials-plugin-tutorial
% cd gradle-credentials-plugin-tutorial
% gradle init
Register Credentials
Then register the credentials.
% gradle addCredentials --key username --value devkuma
% gradle addCredentials --key password --value 1234
Check the Registered Credentials
When credentials are registered, they are created and stored in {USER_HOME}/.gradle/gradle.encrypted.properties.
Now check whether the credentials are encrypted.
% cat ~/.gradle/gradle.encrypted.properties
username=GIBlt3gLLDi/nVavN+FNUg\=\=
password=9GFBSZb+e9bVpdLnUCW1GQ\=\=
Write the build.gradle File
Write the build script as follows.
plugins {
id 'nu.studer.credentials' version '3.0'
}
println "Username: ${credentials.forKey('username')}, Password: ${credentials.forKey('password')}"
Verify Decryption
When you run Gradle, you can confirm that the encrypted text is displayed as plain text.
% ./gradlew
> Configure project :
Username: devkuma Password: 1234
... omitted ...
Creating the properties File in a Specific Directory
As mentioned above, when credentials are registered, they are created and stored by default in {USER_HOME}/.gradle/gradle.encrypted.properties.
However, you may want to change the location of the properties file depending on your needs. In that case, use the credentialsLocation option.
Here, using the project from earlier, place the properties file inside the project directory.
Initialize properties
To avoid confusion, delete the gradle.encrypted.properties file in the root ({USER_HOME}) that was created earlier.
% rm ~/.gradle/gradle.encrypted.properties
Register Credentials with a Directory Specified
Then run the credential registration command with the credentialsLocation option added to specify the directory.
% gradle addCredentials --key username --value devkuma -PcredentialsLocation=.
% gradle addCredentials --key password --value 1234 -PcredentialsLocation=.
Here, a dot (.), which means the current location, is specified.
Check the Credentials Registered at the Specified Location
As specified by the credentialsLocation option in the command, you can confirm that ./gradle.encrypted.properties has been created in the current location.
Now check again whether the credentials remain encrypted.
% cat ./gradle.encrypted.properties
username=GIBlt3gLLDi/nVavN+FNUg\=\=
password=9GFBSZb+e9bVpdLnUCW1GQ\=\=
Verify Decryption with the Location Specified
When you run Gradle with the location specified, you can confirm that the encrypted text is displayed as plain text.
% ./gradlew -PcredentialsLocation=.
> Configure project :
Username: devkuma Password: 1234
... omitted ...
References
The example code above can be found on GitHub.