Recommend using API key instead of regular password

With a link to my old blog post explaining how to generate it.
gradle-nexus · Apr 6, 2021 · e231c52 · e231c52
1 parent f3c24a7
commit e231c52
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -59,13 +59,15 @@ Alternatively, you can configure username and password in the `sonatype` block:
 nexusPublishing {
     repositories {
         sonatype {
-            username = "your-username"
-            password = "your-password"
+            username = "your-username"    //preferably your API username
+            password = "your-password"    //preferably your API key
         }
     }
 }
 ```
 
+To increase security, it is advides to use the [API username and key pair](https://blog.solidsoft.pl/2015/09/08/deploy-to-maven-central-using-api-key-aka-auth-token/) (instead of regular credentials).
+
 Finally, call `publishToSonatype closeAndReleaseSonatypeStagingRepository` to publish all publications to Sonatype's OSSRH Nexus and subsequently close and release the corresponding staging repository, effectively making the artifacts available in Maven Central (usually after a few minutes).
 
 Please bear in mind that - especially on the initial project publishing to Maven Central - it might be wise to call just `publishToSonatype closeSonatypeStagingRepository` and manually verify that the artifacts placed in the closed staging repository in Nexus looks ok. After that, the staging repository might be dropped (if needed) or manually released from the Nexus UI.