0

We need to enable some partners to work with us on some Java projects, and we need to provide them with the Ant build scripts.

However, if possible, we want to encrypt the Ant build files (build.xml etc.) so that partners can do the build, but they cannot see the actual Ant file content (I know it's weird).

Any good suggestions are appreciated. (We are on a Windows box.)

2 Answers

1

Ant itself does not allow you to encrypt the build scripts (nor does any other build system AFAIK). What you can do is create a custom wrapper around Ant that will store the build script in an encrypted form, decrypt it during execution and pass the decrypted script to the Ant API. Then you can deliver that wrapper to your partners.

(Giving someone the source code to your system but encrypting the build script seems to be an extremely weird thing to do. If only some specific data in the build script is sensitive, you may want to focus on protecting only this data, using some other approach.)


6 Comments

Thanks, but does that mean that during the build process, the decrypted build file will be available to the customer?
You don't have to write out the decrypted file to disk; you can decrypt it and pass it to Ant in memory.
You can use Ant's ProjectHelper API to write that wrapper - ProjectHelper is responsible for parsing the build file, so you could decrypt it and then delegate to the default ProjectHelper2. See ant.apache.org/manual/projecthelper.html
@yole It would be helpful if more details could be provided.
@StefanBodewig After decrypting the file, it's in memory; how do I pass it to ProjectHelper2 without writing to disk?
0

The music industry tries to solve the same problem. You want to let someone read the content in order to play music, but at the same time you want to hide the content for fear of copying. Unfortunately, these are two contradictory requirements...

My suggestion is not to hide your build logic. Instead pass credentials in as build properties. These credentials are specified at run-time and control access to external build systems like:

  • Source code repositories
  • Binary artefact repositories (for storing releases)

The objective is that only authorized build systems can make official changes.

If you absolutely must ship your code with some form of secret, then encrypt that data at rest (never store plaintext secrets in source code repos). For an example:
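
An added illustration of the run-time credentials suggestion in the answer above, not part of the original post: an Ant build file that contains no secrets and takes the repository credentials from `-D` properties, environment variables, or a non-echoing prompt. The property names, environment variable names, target names and repository URL are assumptions.

```xml
<!-- Added example. Property, variable and target names and the URL are assumptions. -->
<project name="partner-build" default="fetch-deps" basedir=".">

  <!-- Expose the caller's environment as env.* properties. -->
  <property environment="env"/>

  <target name="env-credentials">
    <!-- Ant properties are immutable, so a value already given with
         -Drepo.user=... on the command line wins over the environment. -->
    <condition property="repo.user" value="${env.REPO_USER}">
      <isset property="env.REPO_USER"/>
    </condition>
    <condition property="repo.password" value="${env.REPO_PASSWORD}">
      <isset property="env.REPO_PASSWORD"/>
    </condition>
  </target>

  <!-- Runs only when no password was supplied; the secure handler
       (Ant 1.7.1+, Java 6+) reads it without echoing to the console. -->
  <target name="prompt-password" depends="env-credentials" unless="repo.password">
    <input message="Repository password:" addproperty="repo.password">
      <handler type="secure"/>
    </input>
  </target>

  <target name="fetch-deps" depends="prompt-password">
    <!-- Fail early instead of sending an unauthenticated request. -->
    <fail unless="repo.user"
          message="Set REPO_USER or pass -Drepo.user=... to run this build."/>
    <mkdir dir="lib"/>
    <!-- The credentials exist only in the running build, not in this file. -->
    <get src="https://repo.example.com/releases/shared-lib.jar"
         dest="lib/shared-lib.jar"
         username="${repo.user}" password="${repo.password}"/>
  </target>
</project>
```

On Windows, set `REPO_USER` and `REPO_PASSWORD` in the build agent's environment rather than passing the password with `-D`, which exposes it in the process command line.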
