Skip to content
Branch: master
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Build Status Coverage Status Download Stories in Ready Stories in Progress Apache License 2

SEU-as-code Credentials Plugin

A Gradle plugin for the secure storage of your credentials using the Windows Data Protection API (DPAPI) or the macOS key store.


Build script snippet for use in all Gradle versions, using the Bintray Maven repository:

buildscript {
    repositories {
        maven {
            url ''
    dependencies {
        classpath ''

apply plugin: ''

Build script snippet for new, incubating, plugin mechanism introduced in Gradle 2.1:

plugins {
    id '' version '2.7.0'


The plugin defines the following tasks:

Task name Depends on Type Description
setCredentials - SetCredentialsTask Sets the credentials for a service. Invoke with --service [Name of service] parameter.
displayCredentials - DisplayCredentialsTask Displays the credentials for a service of a credential. Invoke with --service [Name of service] parameter.
clearCredentials - ClearCredentialsTask Clears the credentials for a service. Invoke with --service [Name of service] parameter.

Extension Properties

The plugin defines the following extra extension properties:

Property name Type Default value Description
credentials Credentials - Object to query credentials. Invoke the String get(String service) method to get the credentials with the service name service.


First add the credentials for the nexus service by invoking one of the following Gradle tasks, you will be asked for the username and password on the Console:

$ ./gradlew setCredentials --service nexus
$ ./gradlew setCredentials --service nexus --username fooUser

Now you can use this credential information in your build script, e.g. in the repositories section, as follows:

    repositories {
        maven {
            url nexusUrl
            credentials {
                // use array type access to credentials via service name
                username project.credentials['nexus'].username
                password project.credentials['nexus'].password

                // use getter access to credentials via service name
                username project.credentials.get('nexus').username
                password project.credentials.get('nexus').password

                // or use string interpolation
                username "${credentials['nexus'].username}"
                password "${credentials['nexus'].password}"

How does this work?

The plugin currently supports Windows and macOS as operating systems. The plugin uses the platform mechanisms to encrypt and decrypt sensitive data by calling the responsible native libraries using JNA bindings.

On Windows the plugin creates a property file named in your Gradle home directory (defaults to ~/.gradle). In that property file the credentials are securely stored. The key of the credential is stored in plaintext, while the value of the credential is encrypted using the Windows Data Protection API (DPAPI).

On macOS the plugin securely stores the credentials using the default key store mechanism.


Moritz Kammerer (@phxql)

M.-Leander Reimer (@lreimer)


This software is provided under the Apache License, Version 2.0 license. See the LICENSE file for details.

You can’t perform that action at this time.