:samples-dir: /home/tcagent1/agent/work/64493a816be20d5a/promote-projects/gradle/build/git-checkout/platforms/documentation/docs/build/working/samples/install/publishing-credentials
:gradle-version: 9.2.0-rc-3

= Publishing Credentials Sample

[.download]
- link:zips/sample_publishing_credentials-groovy-dsl.zip[icon:download[] Groovy DSL]
- link:zips/sample_publishing_credentials-kotlin-dsl.zip[icon:download[] Kotlin DSL]

NOTE: You can open this sample in an link:{userManualPath}/gradle_ides.html#gradle_ides[IDE that supports Gradle].

This sample shows how credentials can be used when publishing artifacts to a Maven repository using link:{userManualPath}/build_environment.html#sec:project_properties[project properties].
This approach allows you to keep sensitive configuration out of your project's source code and inject it only when needed.

The code in the `maven-repository-stub` directory builds a plugin used to stub the Maven repository in order to demonstrate the authentication flow. It expects the following hardcoded credentials on the server stub:
====
include::sample[dir="groovy",files="maven-repository-stub/src/main/java/com/example/MavenRepositoryStub.java[tags=credentials]"]
====

In a real project, your build would point to a private repository for your organization.

The published project has some sample Java code to be compiled and distributed as a Java library.
Gradle build file registers a publication to a Maven repository using provided credentials:
====
include::sample[dir="kotlin",files="build.gradle.kts[tags=publication]"]
include::sample[dir="groovy",files="build.gradle[tags=publication]"]
====

Credentials will be required by the build only if the task requiring them is to be executed - in this case the task publishing to the secure repository.
This allows to build the project without worrying about the credentials.
Try running `./gradlew jar` and it will succeed. Run `./gradlew publish` and it will tell you what is missing right away, without executing the build.
Credentials can and should be kept externally from the project sources and be known only by those having to publish artifacts, perhaps injected by a CI server.

Credential values are provided using Gradle properties and can be passed to the publish task in multiple ways:

* via command-line properties:
=====
----
$ ./gradlew publish -PmySecureRepositoryUsername=secret-user -PmySecureRepositoryPassword=secret-password
----
=====
* via environment variables:
=====
----
$ ORG_GRADLE_PROJECT_mySecureRepositoryUsername=secret-user ORG_GRADLE_PROJECT_mySecureRepositoryPassword=secret-password ./gradlew publish
----
=====
* by setting the properties in `gradle.properties` file:
=====
----
mySecureRepositoryUsername=secret-user
mySecureRepositoryPassword=secret-password
----
=====
and running
=====
----
$ ./gradlew publish
----
=====
The sensitive data is kept outside of the project sources since the `gradle.properties` file can reside in the user's `~/.gradle` directory.

For more information about using Gradle properties, see link:{userManualPath}/build_environment.html#sec:gradle_configuration_properties[Gradle Properties user manual chapter].
