Get rid of WildFly credentials in your pom (wildfly-maven-plugin)

So I wanted to deploy our applications on a remote WildFly instance using the Maven wildfly-maven-plugin.
The most obvious solution might look something like adding

...
<build>
	<plugins>
		<plugin>
			<groupId>org.wildfly.plugins</groupId>
			<artifactId>wildfly-maven-plugin</artifactId>
			<version>1.0.2.Final</version>
			<configuration>
				<hostname>my-remote-wildfly</hostname>
				<username>admin</username>
				<password>secret</password>
			</configuration>
		</plugin>
...

to your Maven pom.xml file. Run mvn wildfly:deploy and it works just fine.
However, I did not like so much the fact that the password is part of the pom.xml. No chance in committing this artifact on GitHub!

The plugin’s documentation did gave me a clue how to fix this. It describes the optional parameter id like this:

“Specifies the id of the server if the user name and password is to be retrieved from the settings.xml file.”

It actually says it all, but for me it took some time to get it right.
The first step is to edit your Maven’s settings.xml (can normally be found at ~/.m2/). Add to the section <servers> a new server definition, for example:

<server>
	<id>remote-wildfly</id>
	<username>admin</username>
	<password>secret</password>
</server>

Please note that remote-wildfly is not the same as my-remote-wildfly, the hostname in the previous example. It only identifies this server definition.
But where do I leave the host name? The host name (and optionally also the port number) still needs to be configured in pom.xml. And how does it knows which server credentials to use? For this, the server id needs to be added to the configuration.
So, that reduces the first example to:

...
<build>
	<plugins>
		<plugin>
			<groupId>org.wildfly.plugins</groupId>
			<artifactId>wildfly-maven-plugin</artifactId>
			<version>1.0.2.Final</version>
			<configuration>
				<id>remote-wildfly</id>
				<hostname>my-remote-wildfly</hostname>
			</configuration>
		</plugin>
...

Nice! No password in our pom.xml. By setting the right file permissions on settings.xml you can now protect your passwords a bit better.

As you can see you will still have some deployment specific details in your pom.xml. The server id and host name are static.
Personally I prefer to pass these settings dynamically to Maven, which makes it more flexible. This can be done by adding some Maven command line arguments:

mvn clean wildfly:deploy -Dwildfly.id=remote-wildfly -Dwildfly.hostname=my-remote-wildfly

Which reduces our plugin definition to:

...
<build>
	<plugins>
		<plugin>
			<groupId>org.wildfly.plugins</groupId>
			<artifactId>wildfly-maven-plugin</artifactId>
			<version>1.0.2.Final</version>
		</plugin>
...

That’s all it takes to get rid of your WildFly credentials in your Maven pom file.