Using Nexus with Maven -plain text password in settings.xml

I am setting up Nexus 3.29 OSS to be used with Maven repositories. One of the first issue I see is with the plain-text nexus credentials being stored in Maven settings.xml.

Maven supports API tokens instead of passwords, but I am not finding any way in Nexus to generate API token. I do see Nuget API key, but I believe that’s meant for Nuget repos.

Came across an old article written 9 yrs ago on Nexus 2, which says that OSS version does not support generating API token while Pro does. Is that still true that Nexus 3 today does not support API token generation ?

I can still encrypt the password using Maven encrypt password utility, but wanted to confirm if that is the only possible way to avoid plain-text passwords.

Any best practices or recommendations around this ?

Correct User Tokens are a pro-feature, I imagine Maven’s password encryption linked from the KB still works if you’re an OSS user.