
Protecting passwords in ml-gradle projects

11.20.2018

If you are getting involved in a project using ml-gradle, this tip should come in handy if you are not allowed to put passwords (especially the admin password!) in plain text. Without this restriction, you may have multiple passwords in your gradle.properties file if there are multiple MarkLogic users that you need to configure. Instead of storing these passwords in gradle.properties, you can retrieve them from a location where they’re encrypted by using the Gradle credentials plugin (nu.studer.credentials), a plugin for storing and retrieving encrypted credentials.

Protecting Passwords

Start by enabling the credential plugin in your gradle build:

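buildscript {
  repositories {
    // Gradle Plugin Portal, which hosts the credentials plugin
    maven { url 'https://plugins.gradle.org/m2/' }
  }
  dependencies {
    classpath 'nu.studer:gradle-credentials-plugin:1.0.4'
  }
}

apply plugin: 'nu.studer.credentials'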

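Now you can add the password(s) to the credential store. Keep in mind that a value passed with --value on the command line can end up in your shell history: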

gradle addCredentials --key mlPassword --value somePassword

Here, we assume the admin username does not need to be secured and can still be visible in gradle.properties:

mlUsername=admin

Next, remove mlPassword from any gradle*.properties files, if you don’t plan to use this property. If you plan to use this property, such as in a custom Gradle task after the ext block is processed, simply keep the property and set the value to some placeholder text, such as mlPassword=NoneSetYet.

In the ext block in your build.gradle file, add the following content using the credentials object added by the plugin. Note that when the ml-gradle plugin is applied (and before any ext blocks are processed), ml-gradle has already created connections to the Admin and Manage app servers. So in addition to populating password properties, we also need to re-initialize those connections.

ext {
  // Configure properties based on encrypted credentials
  mlManageConfig.password = credentials.mlPassword
  mlManageConfig.securityPassword = credentials.mlPassword // only needed if setting mlSecurityUsername
  mlAdminConfig.password = credentials.mlPassword
  mlAppConfig.restAdminPassword = credentials.mlPassword
  mlAppConfig.appServicesPassword = credentials.mlPassword

  // Re-initialize the connections to the Admin and Manage servers
  mlManageClient.manageConfig = mlManageConfig
  mlAdminManager.adminConfig = mlAdminConfig
}

Note that the credentials plugin is only supported up to Java 8.

Another Tip for Passwords

(The CDATA credits go to Peter Kester)

Often, when you are creating a user in MarkLogic, the user password may contain characters that are invalid in XML text, like “&”, which may result in malformed XML. To avoid sending malformed XML to MarkLogic, wrap the password data in a CDATA section.

<user-properties xmlns="http://marklogic.com/manage">
    <user-name>your-user</user-name>
    <password><![CDATA[%%YOUR_USER_PWD%%]]></password> 
</user-properties>

Next, add the password, quoting the value so that the shell does not treat “&” as a command separator:

gradle.bat addCredentials --key yourUserPassword --value "very&secret"

Finally, add the token mapping to the ext block:

ext {

  customTokens.put("%%YOUR_USER_PWD%%", credentials.yourUserPassword)

}

Note that if you are using JSON, certain characters, like single and double quotes, can give you a similar issue. If you run into this issue, consider switching to XML.
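As an added example (not code from the original post or from ml-gradle), the Python sketch below models token replacement as plain text substitution, which is an assumption, and checks what password a parser would actually read from the payload. It shows that the CDATA wrapper handles "&" but that a password containing "]]>" still needs the extra cdata_safe step; the function names and sample passwords are constructed for illustration.

```python
import json
import xml.etree.ElementTree as ET

TOKEN = "%%YOUR_USER_PWD%%"
NS = "{http://marklogic.com/manage}"
# Payload template from the post, and a variant without the CDATA wrapper.
CDATA_TEMPLATE = (
    '<user-properties xmlns="http://marklogic.com/manage">'
    "<user-name>your-user</user-name>"
    "<password><![CDATA[" + TOKEN + "]]></password>"
    "</user-properties>"
)
BARE_TEMPLATE = CDATA_TEMPLATE.replace("<![CDATA[", "").replace("]]>", "")


def cdata_safe(value):
    """Split any ']]>' so the value cannot close the CDATA section early."""
    return value.replace("]]>", "]]]]><![CDATA[>")


def substitute(template, value):
    """Plain text replacement of the token (assumed model of token handling)."""
    return template.replace(TOKEN, value)


def password_seen_by_server(payload):
    """Parse the payload; return the password text, or None if malformed."""
    try:
        return ET.fromstring(payload).findtext(NS + "password")
    except ET.ParseError:
        return None


def json_payload(value):
    """JSON alternative: let the serializer escape quotes and backslashes."""
    return json.dumps({"user-name": "your-user", "password": value})


if __name__ == "__main__":
    # Constructed sample passwords: ampersand, CDATA terminator, double quotes.
    for pwd in ["very&secret", "a]]>b", 'say "hi"']:
        print(repr(pwd),
              "| bare:", password_seen_by_server(substitute(BARE_TEMPLATE, pwd)),
              "| cdata:", password_seen_by_server(substitute(CDATA_TEMPLATE, pwd)),
              "| cdata_safe:", password_seen_by_server(
                  substitute(CDATA_TEMPLATE, cdata_safe(pwd))))
```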

 


Jos van Roosmalen
