If you are getting involved in a project using ml-gradle, this tip should come in handy if you are not allowed to put passwords (especially the admin password!) in plain text. Without this restriction, you may have multiple passwords in your gradle.properties file if there are multiple MarkLogic users that you need to configure. Instead of storing these passwords in gradle.properties, you can retrieve them from a location where they’re encrypted using this Gradle credentials plugin, used for storing and retrieving encrypted credentials.
Protecting Passwords
Start by enabling the credential plugin in your gradle build:
buildscript { dependencies { classpath 'nu.studer:gradle-credentials-plugin:1.0.4' } } } apply plugin: 'nu.studer.credentials'
Now you can add the password(s) to the credential store:
gradle addCredentials --key mlPassword --value somePassword
Here, we assume the admin username does not need to be secured and can still be visible in gradle.properties:
mlUsername=admin
Next, remove mlPassword
from any gradle*.properties files, if you don’t plan to use this property. If you plan to use this property, such as in a custom Gradle task after the ext
block is processed, simply keep the property and set the value to some placeholder text, such as mlPassword=NoneSetYet
.
In the ext
block in your build.gradle file, add the following content using the credentials
object added by the plugin. Note that when the ml-gradle plugin is applied (and before any ext
blocks are processed), ml-gradle has already created connections to the Admin and Manage app servers. So in addition to populating password properties, we also need to re-initialize those connections.
ext { // Configure properties based on encrypted credentials mlManageConfig.password = credentials.mlPassword mlManageConfig.securityPassword = credentials.mlPassword// only needed if setting mlSecurityUsername mlAdminConfig.password = credentials.mlPassword mlAppConfig.restAdminPassword = credentials.mlPassword mlAppConfig.appServicesPassword = credentials.mlPassword // Re-initialize the connections to the Admin and Manage servers mlManageClient.manageConfig = mlManageConfig mlAdminManager.adminConfig = mlAdminConfig }
Note that the credentials plugin is only supported up to Java 8.
Another Tip for Passwords
(The CDATA credits go to Peter Kester)
Often, when you are creating a user in MarkLogic, the user password may contain invalid characters, like “&”, that may result in a malformed XML. To avoid sending malformed XML to MarkLogic, wrap the password data with in a CDATA section.
<user-properties xmlns="http://marklogic.com/manage"> <user-name>your-user</user-name> <password><![CDATA[%%YOUR_USER_PWD%%]]></password> </user-properties>
Next, add the password via:
gradle.bat addCredentials --key yourUserPassword --value very&secret
Finally, add the token mapping to the ext
block:
ext { customTokens.put("%%YOUR_USER_PWD%%", credentials.yourUserPassword) }
Note that certain characters can give you a similar issue if you are using JSON, like single and double quotes. If you run into this issue, consider switching to XML.
Additional Resources
- Read up on the ml-gradle tool wiki
- Watch a video tutorial on Protecting Passwords in ml-gradle