Skip to content

Encrypting passwords

Jump to bottom Edit New page
rjrudin edited this page Aug 14, 2018 · 8 revisions

It is common to have multiple passwords in your gradle.properties file when using ml-gradle, as there are multiple MarkLogic users that you may need to configure (see Property Reference for a list of the various user roles).

Instead of storing these passwords in plaintext in gradle.properties though, you may want to retrieve them from a location where they're encrypted. A common solution for this with Gradle is to use this Gradle credentials plugin for storing and retrieving encrypted credentials. Googling on "gradle encrypted passwords" will return some other solutions too.

Using the Gradle credentials plugin

Typically in a Gradle project, you define properties in gradle.properties. But with the credentials plugin, you need to populate your properties in a Gradle "ext" block via the "credentials" object that's added by the credentials plugin. The one trick with ml-gradle is that when the ml-gradle plugin is applied (and before any "ext" blocks are processed), ml-gradle has already created connections to the Admin and Manage app servers. So in addition to populating password properties, we also need to re-initialize those connections.

First, let's assume that the value that would normally be assigned to "mlPassword" is instead being managed via the credentials plugin under the key "myPassword":

gradle addCredentials --key myPassword --value somePassword

Next, remove "mlPassword" from any gradle*.properties files, as you no longer want it set in plaintext.

Then, add the following block to your build.gradle file:

ext {
  // Configure properties based on encrypted credentials
  mlPassword = credentials.myPassword
  mlManageConfig.password = credentials.myPassword
  mlManageConfig.securityPassword = credentials.myPassword // only needed if setting mlSecurityUsername
  mlAdminConfig.password = credentials.myPassword

  // Re-initialize the connections to the Admin and Manage servers
  mlManageClient.manageConfig = mlManageConfig
  mlAdminManager.adminConfig = mlAdminConfig
}

Now, when any Gradle task is run, the ml-gradle password properties will be set based on values in the credentials plugin, and the connections to the Admin and Manage servers will be created using these passwords.

Note that if you have different values for other password properties - like mlRestAdminPassword and mlAppServicesPassword - you'll need to populate those in the "ext" block above too.

Add a custom footer
Add a custom sidebar
Clone this wiki locally