Does this plugin provide a mechanism to fetch a header from a password protected repository?

From a remote URI yes, but it has not special password handling (i.e. to not show a potential password used to fetch the resource)

Having issues supplying a user:password (or user:token)...

This same URL works when supplied to curl. Not sure if this is pilot error or something else going on.
The header for multiple projects is stored in artifactory for central administration.

[ERROR] Failed to execute goal com.mycila:license-maven-plugin:4.0.rc2:check (default-cli) on project common: Execution default-cli of goal com.mycila:license-maven-plugin:4.0.rc2:check failed: Cannot read header document https://pquill:groot@artifactory-gotg.ego.net/artifactory/infinity-release-local/foo/boo/somefile.txt. Cause: Resource https://pquill:groot@artifactory-gotg.ego.net/artifactory/infinity-release-local/foo/boo/somefile.txt not found in file system, classpath or URL: Server returned HTTP response code: 401 for URL: https:https://pquill:groot@artifactory-gog.ego.net/artifactory/infinity-release-local/foo/boo/somefile.txt -> [Help 1]

Like I said, current code does not handle authentication in a URL. The code is currently relying on the JDK api and URL connection. To support Basic auth like you want, we would need to update the code to add a Authorization: Basic request header. This is not complicated to do, just currently not supported.

Besides, if we support that we would probably support it by adding a username/creds options to the plugin so that it does not leak anywhere in the URL and logging, and so that it could be more easily moved in a maven settings taken from a settings.xml file for example.

I see. I misread. And yes, support via maven settings would be a cleaner method for supporting such a feature. In the meantime I can create a public/ro repository to workaround the issue.

thx