I am using maven jarsigner plugin and ant to make the last part of the deployment to move the jar to the server that I need, I am not using any pipeline tool like jenkins or circle ci.
I don't want to expose my password, so, I set a property in settings.xml maven configuration file with the password like:
<profile>
<id>keystorePassword</id>
<properties>
<keystorePassword>passwordwith&therestofpassword</keystorePassword>
</properties>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
</profile>
Then try to load the property in the pom file when calling the jar signer plugin:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jarsigner-plugin</artifactId>
<version>3.1.0</version>
<executions>
<execution>
<id>sign</id>
<goals>
<goal>sign</goal>
</goals>
</execution>
<execution>
<id>verify</id>
<goals>
<goal>verify</goal>
</goals>
</execution>
</executions>
<configuration>
<keystore>${project.basedir}\${keystorePath}</keystore>
<alias>${aliasName}</alias>
<storepass>${keystorePassword}</storepass>
<certs>true</certs>
<tsa>http://timestamp.digicert.com</tsa>
<storetype>pkcs12</storetype>
</configuration>
</plugin>
However, as you can see the password value has an & (passwordwith&therestofthepassword) and when run the mvn package I having the following error message
[WARNING] 'therestofthepasssword' is not recognized as an internal or external command,
[WARNING] operable program or batch file.
It is splitting the password after the & and seeing therestofthepassword as part of the command
I tried the following approaches all with the same result:
- &
- &
I tried to populate the password using parameter like -DkeystorePassword="passwordwith&therestofthepassword" and it worked fine, however, I do not want to use the parameter to set the password value and I want to use the settings.xml file.
I also tried to set the password directly in the pom.xml file in the storepass tag having the same result.
Is there a way to set the password with special characters in settings.xml
