The dbconfig.xml for JIRA in the data directory has the database credentials, specifically the password, in plain text. Is there a feature, plugin, setting, etc. that will encrypt the password in this file?
Short answer: No. See JRA-31004.
Longer answer:
JIRA has to actually have access to this information to connect to the database. Since it must be algorithmically recoverable by JIRA using a direct algorithm, anything we do to protect it must be reversible, and that amounts to simple obfuscation.
The database is not the only place that we have this problem, and you can see some of my comments about a similar case (LDAP server passwords) in JRA-27457, where I talk about why we can't just hash it and why obfuscating it doesn't really help. I also lay out what I think the long-term solution should look like.
I've built a library to make possible the "separation of concerns" that I outline there, and our security team is aware of it. However, making use of it will require some significant changes in all of the products, and it will also complicate the import/export process for Cloud, so this is not likely to progress quickly, but fixing these issues is definitely on our security roadmap.
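The argument in the answer above, as an added Python example (not part of the original post and not Atlassian's code): a password stored reversibly is recoverable from the same inputs the application reads, while a stored hash cannot be used to log in. The XML snippet, key, toy cipher and `db_accepts` check are all constructed for illustration.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample; only the elements needed here, with made-up values.
SAMPLE = """<jira-database-config>
  <jdbc-datasource>
    <username>jira</username>
    <password>{password}</password>
  </jdbc-datasource>
</jira-database-config>"""

def _xor(data: bytes, key: bytes) -> bytes:
    # Toy reversible cipher (XOR with a SHA-256 counter keystream); stands in for any real one.
    stream, i = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        i += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def obfuscate(plain: str, key: bytes) -> str:
    return base64.b64encode(_xor(plain.encode(), key)).decode()

def deobfuscate(token: str, key: bytes) -> str:
    return _xor(base64.b64decode(token), key).decode()

def stored_password(xml_text: str) -> str:
    return ET.fromstring(xml_text).findtext("jdbc-datasource/password")

def db_accepts(presented: str, real: str) -> bool:
    # Hypothetical stand-in for the database login check: it needs the real password.
    return hmac.compare_digest(presented.encode(), real.encode())

def demo() -> dict:
    real = "S3cret-constructed"              # constructed password
    key = b"key-the-application-can-read"    # must be available to the app unattended
    on_disk = SAMPLE.format(password=obfuscate(real, key))
    # Everything used below (file contents and key) is what the application itself reads.
    recovered = deobfuscate(stored_password(on_disk), key)
    hashed = hashlib.sha256(real.encode()).hexdigest()
    return {
        "plaintext_in_file": real in on_disk,
        "app_can_connect": db_accepts(recovered, real),
        "hash_can_connect": db_accepts(hashed, real),
    }

if __name__ == "__main__":
    print(demo())
```

The file no longer shows the password, yet the value is rebuilt from nothing but the file and the key the application must be able to read on its own.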