Skip to content

Encrypting passwords

Jump to bottom Edit New page
rjrudin edited this page Aug 27, 2018 · 8 revisions

It is common to have multiple passwords in your gradle.properties file when using ml-gradle, as there are multiple MarkLogic users that you may need to configure (see Property Reference for a list of the various user roles).

Instead of storing these passwords in plaintext in gradle.properties though, you may want to retrieve them from a location where they're encrypted. A common solution for this with Gradle is to use this Gradle credentials plugin for storing and retrieving encrypted credentials. Googling on "gradle encrypted passwords" will return some other solutions too.

Using the Gradle credentials plugin

Typically in a Gradle project, you define properties in gradle.properties. But with the credentials plugin, you need to populate your properties in a Gradle "ext" block via the "credentials" object that's added by the credentials plugin. The one trick with ml-gradle is that when the ml-gradle plugin is applied (and before any "ext" blocks are processed), ml-gradle has already created connections to the Admin and Manage app servers. So in addition to populating password properties, we also need to re-initialize those connections.

First, let's assume that the value that would normally be assigned to "mlPassword" is instead being managed via the credentials plugin under the key "myPassword":

gradle addCredentials --key myPassword --value somePassword

Next, remove "mlPassword" from any gradle*.properties files, as you no longer want it set in plaintext.

Then, add the following block to your build.gradle file:

ext {
  // Configure properties based on encrypted credentials
  mlManageConfig.password = credentials.myPassword
  mlManageConfig.securityPassword = credentials.myPassword // only needed if setting mlSecurityUsername
  mlAdminConfig.password = credentials.myPassword
  mlAppConfig.restAdminPassword = credentials.myPassword
  mlAppConfig.appServicesPassword = credentials.myPassword

  // Re-initialize the connections to the Admin and Manage servers
  mlManageClient.manageConfig = mlManageConfig
  mlAdminManager.adminConfig = mlAdminConfig
}

Now, when any Gradle task is run, the ml-gradle password properties (stored in the mlManageConfig, mlAdminConfig, and mlAppConfig objects that are referenced above) will be set based on values in the credentials plugin, and the connections to the Admin and Manage servers will be created using these passwords.

Add a custom footer
Add a custom sidebar
Clone this wiki locally