0
votes

I am setting up Maven process using Nexus, and looking for suggestions around using Nexus server credentials in Maven settings.xml.

Nexus has been configured to reject anonymous access i.e. every request would need to be authenticated through Active Directory. Maven settings.xml has a section for username and password, and I know encrypted passwords can be placed there.

But my question is: Should individual developers be using their own userid/password to connect to Nexus through Maven (and thus putting their own passwords in settings.xml) OR should I create a read-only Nexus internal user with just read/browse privilege, encrypt it once, make a standardized settings.xml, which will then work for every developer ? Deployments will anyway happen through a CI server, so I am not worried about developers doing deployments to Nexus repo.

1

1 Answers

0
votes

Every developer should have their own individual authentication token in their settings.xml.

We use Nexus as our in-house Maven repository. I generated a token for Nexus and added it to my settings.xml. Every other developer is expected to do the same.

The CI/CD pipeline should have its own credential as well.