sbt:publish - Do I really need to include credentials in my repo?

I've looked at the example on how to integrate sbt:publish as part of the pipelines you offer 

JfrogDev/sbt-example

One thing that disurbs me is the need to have the credentials inlined in the repo.

This means that anyone with access to the repo can perform the publish operation from their laptop. For obvious reasons it's rather undesirable to allow anyone to push code to the binary repo. 

With sbt one normally uses the ~/.ivy2/.credentials file to contain the credentials needed to push binaries to e.g. Artifactory.
Using e.g. Jenkins one configures the user running Jenkins with the correct access rights thus only the Jenkins user/process is allowed to push binaries.

Is there no way as admin of a project/repo I can set the credentials outside the repo to be used by the build pipeline?

0 answers

Suggest an answer

Log in or Join to answer
Community showcase
Piotr Plewa
Published Dec 27, 2017 in Bitbucket

Recipe: Deploying AWS Lambda functions with Bitbucket Pipelines

Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda&nbsp...

649 views 0 4
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot