Use a settings file with properties controlling the Nexus credentials:

使用具有控制 Nexus 凭据的属性的设置文件：

<ivysettings>
    <property name="repo.host" value="default.mycompany.com" override="false"/>
    <property name="repo.realm" value="Sonatype Nexus Repository Manager" override="false"/>
    <property name="repo.user" value="deployment"  override="false"/>
    <property name="repo.pass" value="deployment123"  override="false"/>          

    <credentials host="${repo.host}" realm="${repo.realm}" username="${repo.user}" passwd="${repo.pass}"/>

    ..
    ..
</ivysettings>

When you run the build you can then specify the true username and password:

当您运行构建时，您可以指定真实的用户名和密码：

ant -Drepo.user=mark -Drepo.pass=s3Cret

Update/Enhancement

更新/增强

Storing passwords as properties on the file system requires encryption.

将密码作为属性存储在文件系统上需要加密。

Jasypthas a command-line program that can generate encrypted strings:

Jasypt有一个可以生成加密字符串的命令行程序：

$ encrypt.sh verbose=0 password=123 input=s3Cret
hXiMYkpsPY7j3aIh/2/vfQ==

This can be saved in the build's property file:

这可以保存在构建的属性文件中：

username=bill
password=ENC(hXiMYkpsPY7j3aIh/2/vfQ==)

The following ANT target will decrypt any encrypted ANT properties:

以下 ANT 目标将解密任何加密的 ANT 属性：

<target name="decrypt">
    <taskdef name="groovy" classname="org.codehaus.groovy.ant.Groovy" classpathref="build.path"/>

    <groovy>
    import org.jasypt.properties.EncryptableProperties
    import org.jasypt.encryption.pbe.StandardPBEStringEncryptor

    StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor()
    encryptor.setPassword(properties["master.pass"])

    Properties props = new EncryptableProperties((Properties)properties, encryptor);

    props.propertyNames().each {
        properties[it] = props.getProperty(it)
    }
    </groovy>
</target>

Of course to make this work, the password used for encrypting the properties needs to be specified as part of the build.

当然，要完成这项工作，需要在构建过程中指定用于加密属性的密码。

ant -Dmaster.pass=123

This means the solution is only good for hiding data at rest.

这意味着该解决方案仅适用于隐藏静态数据。

For my purposes the command-line credentials weren't an option because I'm running through Jenkins and they'd be clearly pasted on the build output, so here was my solution which strikes a balance by being reasonably secure.

出于我的目的，命令行凭据不是一个选项，因为我正在运行 Jenkins 并且它们会清楚地粘贴在构建输出上，所以这是我的解决方案，它通过合理安全来取得平衡。

• Create a properties file in your home directory that contains the sensitive information (we'll call it "maven.repo.properties")

  repo.username=admin
  repo.password=password
  

• Near the top of your build file, import the property file

  <property file="${user.home}/maven.repo.properties"/>
  

• In your publish target under build.xml, set your ivy settings file location (which does get checked in to code control) but embed your credential properties

  <target name="publish">
      <ivy:settings file="ivysettings.xml">
          <credentials host="repohostname" realm="Artifactory Realm" username="${repo.username}" passwd="${repo.password}"/>
      </ivy:settings>
      <!-- ivy:makepom and ivy:publish targets go here -->
  </target>
  

• Create your ivysettings.xml just as you did before, but strip out the username and passwd attributes

• 在您的主目录中创建一个包含敏感信息的属性文件（我们将其称为“maven.repo.properties”）

  repo.username=admin
  repo.password=password
  

• 在构建文件的顶部附近，导入属性文件

  <property file="${user.home}/maven.repo.properties"/>
  

• 在 build.xml 下的发布目标中，设置您的 ivy 设置文件位置（它确实被签入代码控制）但嵌入您的凭据属性

  <target name="publish">
      <ivy:settings file="ivysettings.xml">
          <credentials host="repohostname" realm="Artifactory Realm" username="${repo.username}" passwd="${repo.password}"/>
      </ivy:settings>
      <!-- ivy:makepom and ivy:publish targets go here -->
  </target>
  

• 像之前一样创建你的 ivysettings.xml，但是去掉 username 和 passwd 属性

You can then leverage your operating system's permissions to make sure that the maven.repo.properties file is properly hidden from everybody except you (or your automatic build implementation).

然后，您可以利用操作系统的权限来确保 maven.repo.properties 文件对除您之外的所有人（或您的自动构建实现）正确隐藏。

The ivysettings.xml sample in Mark O'Connor's answer should actually be as follows:

Mark O'Connor 的回答中的 ivysettings.xml 示例实际上应该如下所示：

<ivysettings>
  <property name="repo.host" value="default.mycompany.com" override="false"/>
  <property name="repo.realm" value="Sonatype Nexus Repository Manager" override="false"/>
  <property name="repo.user" value="deployment"  override="false"/>
  <property name="repo.pass" value="deployment123"  override="false"/>          

  <credentials host="${repo.host}" realm="${repo.realm}" username="${repo.user}" passwd="${repo.pass}"/>

  ..
</ivysettings>

Means, the property names should notbe surrounded by ${...} (it took me quite a while to find out why this failed - but now I know how to debug ivy access - use commons-httpclient-3.0, set everything to verbose etc.)

意思是，属性名称不应该被 ${...} 包围（我花了很长时间才找出失败的原因 - 但现在我知道如何调试 ivy 访问 - 使用 commons-httpclient-3.0，将所有内容设置为详细等）

Additional to Mark O'Connor's answer you can hide the password from your daily work and from the prying eyes of your workmates by putting these properties either into the antrcstartup file or into the environment variablesused by ant. Please note that they are not very secure in either place.

除了 Mark O'Connor 的回答之外，您可以通过将这些属性放入antrc启动文件或ant 使用的环境变量中来隐藏您的日常工作和同事窥探的密码。请注意，它们在任何一个地方都不是很安全。