sonatype-nexus-community / nexus-repository-apt

A Nexus Repository 3 plugin that allows usage of apt repositories
Eclipse Public License 1.0

Passphrase is visible in logs #24

Closed testuser7 closed 5 years ago

testuser7 commented 6 years ago

The passphrase is visible in the logs after saving the repository configuration.

mpoindexter commented 6 years ago

Seems like Nexus itself does this. No plan to fix.

DarthHater commented 6 years ago

I am not 100% sure on this, but I know that when you create a repo like for npm, etc... it will blank out the password in the logs. I think this is accomplished by naming it something similar to:

  private static final List<String> SENSITIVE_FIELD_NAMES = newArrayList("applicationPassword", "password",
      "systemPassword", "secret");

That list can be found in /components/nexus-repository/src/main/java/org/sonatype/nexus/repository/config/Configuration.java if you are looking at nexus-public.

mpoindexter commented 6 years ago

Based on what @DarthHater says, it seems like this is at least potentially something that could be dealt with within the plugin. PRs welcome.

mpoindexter commented 5 years ago

@DarthHater - I looked into this a bit more, and it seems like there's not an easy way to make this work without changing the naming of the config attributes.

I'd suggest either making this extensible in core, or maybe at some point in core you could add keypair and passphrase to the list of SENSITIVE_FIELD_NAMES in src/main/java/org/sonatype/nexus/repository/config/Configuration.java
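The effect discussed in the comments above, as an added example that is not part of the thread and not code from nexus-public or the plugin: a name-based redactor run once with the list quoted earlier and once with `keypair` and `passphrase` added. It assumes masking happens only on an exact key match with nested maps walked recursively; the `aptSigning` and `httpclient` attribute layout, the `RedactDemo` class and the sample values are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

// Added illustration; not code from nexus-public or the APT plugin.
public class RedactDemo {
  // The list quoted in the thread.
  static final Set<String> CORE_NAMES =
      Set.of("applicationPassword", "password", "systemPassword", "secret");
  // The same list plus the two attribute names proposed in the thread.
  static final Set<String> EXTENDED_NAMES = Set.of(
      "applicationPassword", "password", "systemPassword", "secret", "keypair", "passphrase");

  // Assumption: a value is masked only when its key exactly matches a listed name.
  static Map<String, Object> redact(Map<String, ?> attributes, Set<String> sensitive) {
    Map<String, Object> out = new LinkedHashMap<>();
    for (Map.Entry<String, ?> e : attributes.entrySet()) {
      Object value = e.getValue();
      if (sensitive.contains(e.getKey())) {
        out.put(e.getKey(), "**REDACTED**");
      } else if (value instanceof Map) {
        // Walk nested attribute maps so a secret cannot hide one level down.
        @SuppressWarnings("unchecked")
        Map<String, ?> nested = (Map<String, ?>) value;
        out.put(e.getKey(), redact(nested, sensitive));
      } else {
        out.put(e.getKey(), value);
      }
    }
    return out;
  }

  public static void main(String[] args) {
    // Constructed sample configuration; the attribute layout is hypothetical.
    Map<String, Object> signing = new LinkedHashMap<>();
    signing.put("keypair", "constructed-private-key-material");
    signing.put("passphrase", "constructed-passphrase");
    Map<String, Object> auth = new LinkedHashMap<>();
    auth.put("username", "deploy");
    auth.put("password", "constructed-password");
    Map<String, Object> attrs = new LinkedHashMap<>();
    attrs.put("aptSigning", signing);
    attrs.put("httpclient", auth);

    // With the core list only "password" is masked; the signing secrets pass through.
    System.out.println("core list:     " + redact(attrs, CORE_NAMES));
    System.out.println("extended list: " + redact(attrs, EXTENDED_NAMES));
  }
}
```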

DarthHater commented 5 years ago

That's good feedback @mpoindexter . Tagging in @mcculls as he might know a bit more!

bhamail commented 5 years ago

APT is now part of Nexus Repository Manager. Version 3.17.0 includes the APT plugin by default. If this is still an issue when using 3.17.0 or later, please file an issue at https://issues.sonatype.org/. Links to the new source code location are in the top-level README.md.