SSH Agent

If no other options are used and repository requires authorization, axion-release will try to fetch authorization options from SSH agent (ssh-agent on Linux and pageant on Windows) or netrc for HTTP (<user-home>/.netrc on Linux and <user-home>\_netrc> on Windows).

All interaction with SSH agent is logged on info and debug levels.

SSH Key/password

Interactive mode is fine for local development, but Continuous Integration servers authorize themselves mostly using SSH keys. axion-release-plugin exposes options to use custom SSH keys (even password protected ones) when pushing tags to remote.

Command line

Use release.customKeyFile and release.customKeyPassword properties to force Git to use custom SSH keys to authorize in remote repository:

./gradlew release -Prelease.customKeyFile="./keys/secret_key_rsa" -Prelease.customKeyPassword=password


It might not be desirable to leave trace of key or password in CI server shell history. You can load credentials dynamically using custom Gradle tasks right before release. To change credentials during Gradle build use scmVersion.repository.customKey and scmVersion.repository.customKeyPassword properties.

scmVersion.repository.customKey accepts either File instance to read from or key in form of String.

scmVersion {
    repository {
        customKey = project.file('keys/my_secret_key')

task loadKeyPassword << {
    scmVersion.repository.customKeyPassword = loadPasswordFromSecureStorageOrSomething()
    // you can load the key from secure storage as well!
    scmVersion.repository.customKey = loadKeyFromSecureStorageOrSomething()

task release {
    dependsOn loadKeyPassword

HTTP Basic Auth/GitHub tokens

Same as with SSH keys, axion-release-plugingives option to set basic auth data when connecting to repository via HTTP. This is especially useful when using GitHub OAuth tokens.

Command line

Use release.customUsername and release.customPassword properties to set username and password that will be provided when using Basic Auth. If password is not set, it defaults to empty string.


Username and password can be provided in runtime, just before push is made via scmVersion.repository.customUsername and scmVersion.repository.customPassword properties:

task loadGitHubToken << {
    scmVersion.repository.customUsername = loadGitHubTokenFromSomewhere()