SECURITY-2156 Encrypt all passwords (even encrypted by Bumblebee) with

Jenkins Secret so they cannot be recovered from XML config file

pom.xml

@@ -1,144 +1,146 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-	<modelVersion>4.0.0</modelVersion>
-	<parent>
-		<groupId>org.jenkins-ci.plugins</groupId>
-		<artifactId>plugin</artifactId>
-		<version>2.33</version>
-	</parent>
-	<packaging>hpi</packaging>
-	<artifactId>bumblebee</artifactId>
-	<version>4.1.6-SNAPSHOT</version>
-	<name>Bumblebee HP ALM Plugin</name>
-	<url>https://wiki.jenkins-ci.org/display/JENKINS/Bumblebee+HP+ALM+Plugin</url>
-	<developers>
-		<developer>
-			<id>ali</id>
-			<name>Ali Raza</name>
-			<email>ali.raza@agiletestware.com</email>
-		</developer>
-		<developer>
-			<id>sergey_oplavin</id>
-			<name>Sergey Oplavin</name>
-			<email>sergey.oplavin@agiletestware.com</email>
-		</developer>
-	</developers>
-	<properties>
-		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-		<java.version>1.8</java.version>
-		<java.level>8</java.level>
-		<jenkins.version>2.32.1</jenkins.version>
-		<skipTests>true</skipTests>
-		<bumblebee-client.version>0.1.7-SNAPSHOT</bumblebee-client.version>
-		<mockito.version>1.9.5</mockito.version>
-		<findbugs.failOnError>false</findbugs.failOnError>
-	</properties>
-	<dependencyManagement>
-		<dependencies>
-			<dependency>
-				<groupId>org.kohsuke.stapler</groupId>
-				<artifactId>json-lib</artifactId>
-				<version>2.4-jenkins-3</version>
-				<type>jar</type>
-			</dependency>
-			<dependency>
-				<groupId>org.json</groupId>
-				<artifactId>json</artifactId>
-				<version>20090211</version>
-				<type>jar</type>
-			</dependency>
-			<dependency>
-				<groupId>org.apache.httpcomponents</groupId>
-				<artifactId>httpclient</artifactId>
-				<version>4.5</version>
-				<type>jar</type>
-			</dependency>
-		</dependencies>
-	</dependencyManagement>
-	<build>
-		<plugins>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-compiler-plugin</artifactId>
-				<configuration>
-					<source>${java.version}</source>
-					<target>${java.version}</target>
-					<debug>true</debug>
-				</configuration>
-			</plugin>
-			<plugin>
-				<artifactId>maven-release-plugin</artifactId>
-				<version>2.5.3</version>
-				<dependencies>
-					<dependency>
-						<groupId>org.apache.maven.scm</groupId>
-						<artifactId>maven-scm-provider-gitexe</artifactId>
-						<version>1.8.1</version>
-					</dependency>
-				</dependencies>
-			</plugin>
-		</plugins>
-	</build>
-	<scm>
-		<connection>scm:git:ssh://github.com/jenkinsci/bumblebee-plugin.git</connection>
-		<developerConnection>scm:git:ssh://git@github.com/jenkinsci/bumblebee-plugin.git</developerConnection>
-		<url>https://github.com/jenkinsci/bumblebee-plugin</url>
-		<tag>HEAD</tag>
-	</scm>
-	<dependencies>
-		<dependency>
-			<groupId>com.agiletestware</groupId>
-			<artifactId>bumblebee-client</artifactId>
-			<version>${bumblebee-client.version}</version>
-			<exclusions>
-				<exclusion>
-					<groupId>com.opencsv</groupId>
-					<artifactId>opencsv</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>com.vladsch.flexmark</groupId>
-					<artifactId>flexmark</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>org.freemarker</groupId>
-					<artifactId>freemarker</artifactId>
-				</exclusion>
-				<exclusion>
-					<groupId>javax.xml.bind</groupId>
-					<artifactId>jaxb-api</artifactId>
-				</exclusion>
-			</exclusions>
-		</dependency>
-		<dependency>
-			<groupId>org.mockito</groupId>
-			<artifactId>mockito-all</artifactId>
-			<version>${mockito.version}</version>
-			<scope>test</scope>
-		</dependency>
-	</dependencies>
-	<repositories>
-		<repository>
-			<id>repo.jenkins-ci.org</id>
-			<url>https://repo.jenkins-ci.org/public/</url>
-		</repository>
-		<repository>
-			<id>nexus.agiletestware.com</id>
-			<url>https://nexus.agiletestware.com/repository/maven-public/</url>
-		</repository>
-	</repositories>
-	<pluginRepositories>
-		<pluginRepository>
-			<id>repo.jenkins-ci.org</id>
-			<url>https://repo.jenkins-ci.org/public/</url>
-		</pluginRepository>
-	</pluginRepositories>
-	<distributionManagement>
-		<repository>
-			<id>repo.jenkins-ci.org</id>
-			<url>https://repo.jenkins-ci.org/releases</url>
-		</repository>
-	</distributionManagement>
-	<description>Integrates Jenkins with  HP ALM by automatically publishing test results from Jenkins to HP ALM using Bumblebee (http://www.agiletestware.com)</description>
-</project>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+	<parent>
+		<groupId>org.jenkins-ci.plugins</groupId>
+		<artifactId>plugin</artifactId>
+		<version>2.33</version>
+	</parent>
+	<packaging>hpi</packaging>
+	<artifactId>bumblebee</artifactId>
+	<version>4.1.6-SNAPSHOT</version>
+	<name>Bumblebee HP ALM Plugin</name>
+	<url>https://wiki.jenkins-ci.org/display/JENKINS/Bumblebee+HP+ALM+Plugin</url>
+	<developers>
+		<developer>
+			<id>ali</id>
+			<name>Ali Raza</name>
+			<email>ali.raza@agiletestware.com</email>
+		</developer>
+		<developer>
+			<id>sergey_oplavin</id>
+			<name>Sergey Oplavin</name>
+			<email>sergey.oplavin@agiletestware.com</email>
+		</developer>
+	</developers>
+	<properties>
+		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+		<java.version>1.8</java.version>
+		<java.level>8</java.level>
+		<jenkins.version>2.32.1</jenkins.version>
+		<skipTests>true</skipTests>
+		<bumblebee-client.version>0.1.6</bumblebee-client.version>
+		<mockito.version>2.8.9</mockito.version>
+		<powermock.version>1.7.3</powermock.version>
+		<findbugs.failOnError>false</findbugs.failOnError>
+	</properties>
+	<dependencyManagement>
+		<dependencies>
+			<dependency>
+				<groupId>org.kohsuke.stapler</groupId>
+				<artifactId>json-lib</artifactId>
+				<version>2.4-jenkins-3</version>
+				<type>jar</type>
+			</dependency>
+			<dependency>
+				<groupId>org.json</groupId>
+				<artifactId>json</artifactId>
+				<version>20090211</version>
+				<type>jar</type>
+			</dependency>
+			<dependency>
+				<groupId>org.apache.httpcomponents</groupId>
+				<artifactId>httpclient</artifactId>
+				<version>4.5</version>
+				<type>jar</type>
+			</dependency>
+		</dependencies>
+	</dependencyManagement>
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-compiler-plugin</artifactId>
+				<configuration>
+					<source>${java.version}</source>
+					<target>${java.version}</target>
+					<debug>true</debug>
+				</configuration>
+			</plugin>
+			<plugin>
+				<artifactId>maven-release-plugin</artifactId>
+				<version>2.5.3</version>
+				<dependencies>
+					<dependency>
+						<groupId>org.apache.maven.scm</groupId>
+						<artifactId>maven-scm-provider-gitexe</artifactId>
+						<version>1.8.1</version>
+					</dependency>
+				</dependencies>
+			</plugin>
+		</plugins>
+	</build>
+	<scm>
+		<connection>scm:git:ssh://github.com/jenkinsci/bumblebee-plugin.git</connection>
+		<developerConnection>scm:git:ssh://git@github.com/jenkinsci/bumblebee-plugin.git</developerConnection>
+		<url>https://github.com/jenkinsci/bumblebee-plugin</url>
+		<tag>HEAD</tag>
+	</scm>
+	<dependencies>
+		<dependency>
+			<groupId>com.agiletestware</groupId>
+			<artifactId>bumblebee-client</artifactId>
+			<version>${bumblebee-client.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>org.mockito</groupId>
+			<artifactId>mockito-core</artifactId>
+			<version>${mockito.version}</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.powermock</groupId>
+			<artifactId>powermock-api-mockito2</artifactId>
+			<version>${powermock.version}</version>
+			<scope>test</scope>
+		</dependency>
+
+		<dependency>
+			<groupId>org.powermock</groupId>
+			<artifactId>powermock-api-easymock</artifactId>
+			<version>${powermock.version}</version>
+			<scope>test</scope>
+		</dependency>
+
+		<dependency>
+			<groupId>org.powermock</groupId>
+			<artifactId>powermock-module-junit4</artifactId>
+			<version>${powermock.version}</version>
+			<scope>test</scope>
+		</dependency>
+
+	</dependencies>
+	<repositories>
+		<repository>
+			<id>repo.jenkins-ci.org</id>
+			<url>https://repo.jenkins-ci.org/public/</url>
+		</repository>
+		<repository>
+			<id>nexus.agiletestware.com</id>
+			<url>https://nexus.agiletestware.com/repository/maven-public/</url>
+		</repository>
+	</repositories>
+	<pluginRepositories>
+		<pluginRepository>
+			<id>repo.jenkins-ci.org</id>
+			<url>https://repo.jenkins-ci.org/public/</url>
+		</pluginRepository>
+	</pluginRepositories>
+	<distributionManagement>
+		<repository>
+			<id>repo.jenkins-ci.org</id>
+			<url>https://repo.jenkins-ci.org/releases</url>
+		</repository>
+	</distributionManagement>
+	<description>Integrates Jenkins with  HP ALM by automatically publishing test results from Jenkins to HP ALM using Bumblebee (http://www.agiletestware.com)</description>
+</project>