When setting up a Nexus server, I am usually using two different repositories that store my own artefacts: A snapshot repository which is writable for everyone, and a release repository which is password-protected, so that only the CI user may perform write operations. A typical pom.xml will contain the following sniplet: With this, a call to "mvn deploy" is only possible if the current <version> tag ends with "-SNAPSHOT". Otherwise, the attempt to deploy will fail. To deploy releases as well, you must add the user credentials to your ~/.m2/settings.xml file: In this example I am using password encryption, which needs an additional security-settings.xml file that contains the password masterkey.