Git Credentials should be injected through properties file

[jtwalraven]

Git credentials (in the case that Git is not installed on the system) should be injected through the properties file, that way credentials are not published to the git repository. This could be a serious security issue for people that need it.

[ErnestOrt]

Sure. Although if this information is stored on properties file, it will be published also to the git repository.

So this is the proposal:

• Manage this information on settings view
• Storing it on settings.txt (file where is used to store application state: mvn location, ms definition...)

Sounds good @JTWalraven ?

Looking/evaluating best way to protect credentials wherever.

[jtwalraven]

@ErnestOrt Sorry, I should clarify. I mean to pass it in through the properties using Environment variable injection. For example:

trampoline.git.username=${TRAMPOLINE_GIT_USERNAME}
trampoline.git.password=${TRAMPOLINE_GIT_PASSWORD}

[jtwalraven]

I think it would be a good idea to have both the option to pass it in as well as a settings panel. This way, you have an easy to use interface, but you also have a way for automated tools to pass in credentials through environment variables without having to modify any specialized files.

[jtwalraven]

I love the design btw! It looks good.

[ErnestOrt]

Thanks @JTWalraven.

Not sure if it should have a high priority to focus on automated tools under the issue exposed. Moreover, we should think to provide a complete API to be able to interact with automated tools, not only regarding git creds (#24 ).

Let's do the following; under this tiquet we can solve the situation where your credentials are being pushed on github and we create another tiquet to implement a complete API. Make sense?

I've already though and tried a good way to implement it so hopefully tomorrow I am going to summit a PR.

[jtwalraven]

Sounds good! Let me know.