Hi,
For security reasons, we would like to encrypt passwords in context.xml and dbconfig.xml.
Is there any tool that would allow us to do this on JIRA?
Best regards,
Hi Yasmine,
I found a Community post with comments from a JIRA Development Engineer titled "password encryption for database connection" that link to comments in JRASERVER-27457 which may help explain why this isn't done natively.
I found a Suggestion request for this at JRASERVER-31004 and one with MSSQL as the Database in question specifically at JRASERVER-37356: Clear text password in dbconfig.xml. Here is an update from JRASERVER-31004 from 2016:
While we understand the importance of this issue for our customers with strict password encryption requirements, we have not been able to prioritize development on this issue and it's not in our immediate plans.
JIRA still needs access to the database – any code to encrypt the DB credentials or the JNDI datasource would have to reside within the application, therefore an attacker who has obtained system-level access to JIRA could still reverse-engineer the implementation and decrypt the password. Therefore you only have "security via obfuscation." Please see this comment on JRA-27457 for more detail.
That said, we do think this is a positive step and want to support you. We hope to implement a solution in the future.
Please vote on JRASERVER-31004: Encrypt Database Password in dbconfig.xml or use integrated authentication to add impact so we can get this implemented into JIRA.
Cheers,
Branden