• We have a better solution for problem described in description section of JIRA ENTESB-7425
• In documentation we can add
  Securely access maven repository in Fabric environment.

There is template versions of both:

• maven-settings.xml
• maven-settings-security.xml

in default profile. Additionally, these files are actually copied to etc/ when container joins fabric, so now it's just a matter of changing these files in default profile (in hawtio for example) and the changes will be propagated to all containers.

There's also new shell command: fabric:maven-password. By default, it prints Maven security settings - it checks all Maven configurations (explicit and implicit) and prints the status, for example:

JBossFuse:karaf@root> fabric:maven-password 
Maven security configuration in Fabric environment defined in io.fabric8.maven and io.fabric8.agent PID.
  Security settings file: /data/servers/jboss-fuse-6.3.0.redhat-311/etc/maven-settings-security.xml
  Encrypted Maven master password: {PMFs1x/vuOMHhjzIZpzst/d5Kpna+WqNu3P15ZcIP8g=}
JBossFuse:karaf@root> fabric:maven-password -d
Maven security configuration in Fabric environment defined in io.fabric8.maven and io.fabric8.agent PID.
  Security settings file: /data/servers/jboss-fuse-6.3.0.redhat-311/etc/maven-settings-security.xml
  Decrypted Maven master password: fabric:changeit

-d - decrypts master Maven password found in security settings.

There are also two additional options to encrypt Maven passwords:
--encrypt-master-password/-emp - encrypts master Maven password, which should be manually added to current settings-security.xml file. Why manually? Because it's used to decrypt ordinary passwords that may be now in use. So user has to be conscious about what he/she's doing.

JBossFuse:karaf@root> fabric:maven-password --encrypt-master-password 
Master Maven password: 
Verify master Maven password: 
Encrypted master Maven password to use in security-settings.xml: {94gq/tbm0IYHZl4M6BstgfnY/iErAy+GKlfXiptLL/Q=}

--ecnrypt-password/-ep - encrypts ordinary Maven password, to be used for server and http proxy authentication configuration. It requires configured master Maven password. For example:

JBossFuse:karaf@root> fabric:maven-password --encrypt-password 
Looking up master Maven password in /data/servers/jboss-fuse-6.3.0.redhat-311/etc/maven-settings-security.xml... Done!
Maven password: 
Verify Maven password: 
Encrypted Maven password to use in settings.xml for server and proxy authentication: {WCUxIVlatO4HZG2xrqtVBziJIeDTTuVK1oCNEA2eKEQ=}

There's also one quirk. If you modify one of the above files inside default profile, there'll be no automatic reload of these files - that's how the profiles work. Only PID configuration changes lead to restart of related SCR components or blueprint containers. So in order to pick up the changes you have to:

• refresh default profile, so fabric-agent will use changed configuration
• restart fabric-maven bundle to make changes available for mvn: URI handler and fabric-maven-proxy

If we summarize following configuration has to modifed:

• User has to configure io.fabric8.agent.properties/org.ops4j.pax.url.mvn.repositories in default profile as:

  org.ops4j.pax.url.mvn.repositories= http://localhost:8081/repository/maven-releases@id=nexus
  

• Than he needs to edit settings.xml for server authentication with maven-password as created above.

    
  <servers>
      <server>
          <id>nexus</id>
          <username>developer</username>
          <password>{ROfEzDmC46kHzzXhLbVCRImwa5tXZFG+33PvGCnFLUg=}</password>
      </server>
      -----
  </servers>
  

• At last edit security-settings.xml in default profile with content like:

  <settingsSecurity>
    <master>{fvmX0OzPBaAHqgEMK6xjlJSh4frQNL5E5zxbV8vyTWo=}</master>
  </settingsSecurity>