flyway 2.1.1 FileNotFoundException when using maven encrypted passwords

[flyway]

Original author: jcpet...@gmail.com (March 28, 2013 16:27:19)

I'm happy to see support in flyway for Maven's encrypted passwords, but I'm getting an odd exception when I try to use an encrypted password.

[ERROR] com.googlecode.flyway.core.api.FlywayException: Unable to decrypt password
[ERROR] Caused by java.io.FileNotFoundException: /home/jcpeter/.settings-security.xml (No such file or directory)

It looks as though the problem is really in the component you're using to find the settings-security.xml file. I submitted a pull request to them to correct their component (see here: sonatype/plexus-sec-dispatcher#1) since the Maven guide to password encryption indicates a different location (http://maven.apache.org/guides/mini/guide-encryption.html).

I don't know if flyway can specify the correct location itself or not, but I'd prefer to not have to symlink my maven security settings file as a long-term solution.

Original issue: http://code.google.com/p/flyway/issues/detail?id=468

[flyway]

From axel.fontaine.business@gmail.com on March 30, 2013 19:02:42
Hi Josh,

thanks for digging through this. As a workaround, you can specific a custom file by using mvn -Dsettings.security=my/other/file.xml

Cheers
Axel

[flyway]

From axel.fontaine.business@gmail.com on May 24, 2013 18:28:16
Closing as this is really more of a Maven issue than a Flyway one.

Cheers
Axel

[veeblefetzer]

I understand that the -Dsettings.security argument may be a valid workaround, but this adds more verbosity. Or was that an intention to keep the master key in a "hidden file" inside the current user home directory?
The Maven's default location of the settings-security.xml is in the repository directory ~/.m2.
So why is the plugin's default path pointing to another "default" location path ($HOME/.settings-security.xml)?

[raphaelmueller]

It is not so much the plugin's default path that changed but the way maven initializes plugins and defaults. That said, the flyway Plug-In seems to use some old APIs.

I am no Maven expert, but this it what it lookes like to me:

Essentially in the Maven 2.x API that is used by flyway the default path is "~/.settings-security.xml".
You can see this here:
https://github.com/sonatype/plexus-sec-dispatcher/blob/master/src/main/java/org/sonatype/plexus/components/sec/dispatcher/DefaultSecDispatcher.java#L64

In the new Maven 3.x API another class should be used, I think it is this one:
https://github.com/apache/maven/blob/master/maven-settings-builder/src/main/java/org/apache/maven/settings/crypto/DefaultSettingsDecrypter.java#L46

The default location of the security file is set via injection to "~/.m2/settings-security.xml" at the SecDispatcher.
The injection configuration is done by Plexus and can be seen here:
https://github.com/apache/maven/blob/master/maven-core/src/main/resources/META-INF/plexus/components.xml#L130

I guess updating the Plug-In to use the Maven 3.x API would fix the problem.

[axelfontaine]

@raphaelmueller Thanks for the hint. That was very helpful for the migration!