:samples-dir: /home/tcagent1/agent/work/ff6c2020506a5c2d/promote-projects/gradle/build/git-checkout/subprojects/docs/build/working/samples/install/credentials-for-external-tool-via-stdin
:gradle-version: 6.5-rc-1

= Supply credentials to external tool Sample

[.download]
- link:zips/sample_credentials_for_external_tool_via_stdin-groovy-dsl.zip[icon:download[] Groovy DSL]
- link:zips/sample_credentials_for_external_tool_via_stdin-kotlin-dsl.zip[icon:download[] Kotlin DSL]

NOTE: You can open the samples inside an IDE using the https://www.jetbrains.com/help/idea/gradle.html#gradle_import_project_start[IntelliJ native importer] or https://projects.eclipse.org/projects/tools.buildship[Eclipse Buildship].

This sample shows how credentials can be passed to an external tool that normally accepts them via standard input.

Let's pretend that we have to log in to some system before performing some operation.
This could be some external system that requires authentication before allowing us to upload some artifacts.

TIP: This sample assumes that the external tool that requires interactive login does not support any form of non-interactive login.
In reality, many tools provide options to authenticate without prompting the user for input.
Command-line arguments can be passed to the Exec task using the `args` property.

To demonstrate the concept, we will fake the authentication using a bash script that prompts the user for username and password:
====
include::sample[dir="groovy",files="login.sh[]"]
====
It has a hardcoded username/password pair that will result in successful login.
The script can be executed without Gradle - it will mimic a tool that requires an interactive login.

Gradle build file registers two tasks - one performs a login and the other one depends on the login having succeeded:
====
include::sample[dir="groovy",files="build.gradle[]"]
include::sample[dir="kotlin",files="build.gradle.kts[]"]
====

The tasks are using link:{userManualPath}/build_environment.html#sec:project_properties[project properties] to capture the required credentials.

Credentials can be passed to a task in multiple ways now:

 * via command-line properties:
=====
----
$ ./gradlew doAuthenticated -Pusername=secret-user -Ppassword=secret-password
----
=====
 * via environment variables:
=====
----
$ ORG_GRADLE_PROJECT_username=secret-user ORG_GRADLE_PROJECT_password=secret-password ./gradlew doAuthenticated
----
=====
 * by setting the properties in `gradle.properties` file:
=====
----
username=secret-user
password=secret-password
----
=====
and running
=====
----
$ ./gradlew doAuthenticated
----
=====
This way the sensitive data can be kept outside of the project sources - `gradle.properties` can reside in the user's `~/.gradle` directory.
The values are also not echoed anywhere this way.
For more information about using Gradle properties, see link:{userManualPath}/build_environment.html#sec:gradle_configuration_properties[Gradle Properties user manual chapter].

The output with correct credentials will be:
=====
[.sample-command]
----
> Task :login
Enter userame:
Enter password:
Welcome, secret-user!

> Task :doAuthenticated
doAuthenticated

BUILD SUCCESSFUL in 496ms
2 actionable tasks: 2 executed
----
=====

