Q. sbt maintains plain text passwords in settings.xml and credential files. How do we prevent exposure of such passwords?
The underlying Maven tool chain supports encrypted credentials. You can also use interpolation from environment variables instead so that you don't store them configuration files. We also support authentication by de-privileged entitlement tokens (i.e. read-only specific access) to minimize exposure.
Contact us here. We're always happy to help!
Updated over 2 years ago