sbt:publish - Do I really need to include credentials in my repo?

I've looked at the example on how to integrate sbt:publish as part of the pipelines you offer 

JfrogDev/sbt-example

One thing that disurbs me is the need to have the credentials inlined in the repo.

This means that anyone with access to the repo can perform the publish operation from their laptop. For obvious reasons it's rather undesirable to allow anyone to push code to the binary repo. 

With sbt one normally uses the ~/.ivy2/.credentials file to contain the credentials needed to push binaries to e.g. Artifactory.
Using e.g. Jenkins one configures the user running Jenkins with the correct access rights thus only the Jenkins user/process is allowed to push binaries.

Is there no way as admin of a project/repo I can set the credentials outside the repo to be used by the build pipeline?

0 answers

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Piotr Plewa
Published Dec 27, 2017 in Bitbucket

Recipe: Deploying AWS Lambda functions with Bitbucket Pipelines

Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda&nbsp...

1,765 views 1 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you