:samples-dir: /home/tcagent1/agent/work/64493a816be20d5a/promote-projects/gradle/build/git-checkout/platforms/documentation/docs/build/working/samples/install/credentials-for-external-tool-via-stdin
:gradle-version: 8.14.3

= Supply credentials to external tool Sample

[.download]
- link:zips/sample_credentials_for_external_tool_via_stdin-groovy-dsl.zip[icon:download[] Groovy DSL]
- link:zips/sample_credentials_for_external_tool_via_stdin-kotlin-dsl.zip[icon:download[] Kotlin DSL]

NOTE: You can open the samples inside an IDE using the https://www.jetbrains.com/help/idea/gradle.html#gradle_import_project_start[IntelliJ native importer] or https://projects.eclipse.org/projects/tools.buildship[Eclipse Buildship].

This sample shows how credentials can be passed to an external tool that normally accepts them via standard input.

Let's pretend that we have to log in to some system before performing some operation.
This could be some external system that requires authentication before allowing us to upload some artifacts.

TIP: This sample assumes that the external tool that requires interactive login does not support any form of non-interactive login.
In reality, many tools provide options to authenticate without prompting the user for input.
Command-line arguments can be passed to the Exec task using the `args` property.

To demonstrate the concept, we will fake the authentication using a bash script that prompts the user for username and password:
====
include::sample[dir="groovy",files="login.sh[]"]
====
It has a hardcoded username/password pair that will result in successful login.
The script can be executed without Gradle - it will mimic a tool that requires an interactive login.

Gradle build file registers two tasks - one performs a login and the other one depends on the login having succeeded:
====
include::sample[dir="kotlin",files="build.gradle.kts[]"]
include::sample[dir="groovy",files="build.gradle[]"]
====

The `login` task declares an input property and connects it with a credentials provider.
The credentials provider will fetch the credentials pieces from the link:{userManualPath}/build_environment.html#sec:project_properties[project properties].

Credentials can be passed to a task in multiple ways:

 * via command-line properties:
=====
----
$ ./gradlew doAuthenticated -PloginUsername=secret-user -PloginPassword=secret-password
----
=====
 * via environment variables:
=====
----
$ ORG_GRADLE_PROJECT_loginUsername=secret-user ORG_GRADLE_PROJECT_loginPassword=secret-password ./gradlew doAuthenticated
----
=====
 * by setting the properties in `gradle.properties` file:
=====
----
loginUsername=secret-user
loginPassword=secret-password
----
=====
and running
=====
----
$ ./gradlew doAuthenticated
----
=====
This way the sensitive data can be kept outside of the project sources - `gradle.properties` can reside in the user's `~/.gradle` directory.
The values are also not echoed anywhere this way.
For more information about using Gradle properties, see link:{userManualPath}/build_environment.html#sec:gradle_configuration_properties[Gradle Properties user manual chapter].

The output with correct credentials will be:
=====
[.sample-command]
----
> Task :login
Enter userame:
Enter password:
Welcome, secret-user!

> Task :doAuthenticated
doAuthenticated

BUILD SUCCESSFUL in 496ms
2 actionable tasks: 2 executed
----
=====

