I'm running
mvn release:prepare -Dusername=myuser -Dpassword=mypassword
and see lines in output:
[INFO] Executing: cmd.exe /X /C "git push https://myuser:********@myserver.com:8081/scm/project/project.git refs/heads/master:refs/heads/master"
but if for some reason git push
failed(e.g. I made a mistake typing password) then I see in log
[ERROR] fatal: unable to access 'https://myuser:mypassword@myserver.com:8081/scm/project/project.git/': SSL certificate problem: self signed certificate in certificate chain
So I see PLAINTEXT password. As I use this step on Teamcity it causes security problems when someone else can see my password if build failed. I tried both on Linux and Windows machines.
I use maven-release-plugin version 2.5.3.
Anybody knows how to fix it?
Use another git provider in the release plugin. I had this exact same problem when switching to another git server. Suddenly the Jenkins password was showing up in the build logs, even if there were no errors. Perhaps the git servers are using different authentication schemes.
This worked for me:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-release-plugin</artifactId>
<version>2.5.3</version>
<configuration>
<providerImplementations>
<git>jgit</git>
</providerImplementations>
</configuration>
<dependencies>
<dependency>
<groupId>org.apache.maven.scm</groupId>
<artifactId>maven-scm-provider-jgit</artifactId>
<version>1.9.5</version>
</dependency>
</dependencies>
</plugin>
This problem was fixed about 6 months ago, according to this.