Storing encrypted password in Perforce
December 11, 2009 – 2:28 pmI want to write a nightly script that does the following
- sync to source code to the latest version
- build the project
- run the built project.
The first problem I run into is that Perforce requires a password to login, but I don’t want to expose my password in the script as plain text. At the beginning, I thought I could something that resembles SSH password-less login. For instance, I would create a public-private key pair and store the public key in the Perforce server, so that I no longer need to provide a password when I log in. After a bit of googling I don’t think such a solution will work, not to mention that I don’t have permission to store anything on the Perforce server.
After reading the Perforce manual more carefully, I find a solution: I use the “p4 passwd” command to change my password and store the MD5 hash of the new password into P4PASSWD environment variable. After that I can run other perforce operations without logging in first. One hiccup of the approach is that you need to change the password in order to set the P4PASSWD variable. If you change the password on the server first, the P4PASSWD on the dev machine will become invalid. If you change on the dev machine first, P4PASSWD will become invalid on the server. What I did was change to password on the server, enter “p4 set P4PASSWD” to get the MD5 hash, and then go to the dev machine and enter “p4 set P4PASSWD=<Md5 hash>”. But that raises another question: if someone else get hold of my MD5 hash will he also be able to login as well?
Updated: Perforce knowledge base has a related article.