Creating your own Cipher

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

You can also create your own SecretStore implementation, which might be especially useful if you’re required to use a specific vault to store the password.


  • Basic knowledge of Maven
  • Knowledge of Java

Step 1: Create a Maven project and get API dependencies

  1. Navigate to the <Jira_installation_directory>/atlassian-jira/WEB-INF/lib directory.

  2. Install the atlassian-secrets-api.jar file into a local maven repository with the following command:

    mvn install:install-file \
       -Dfile=./atlassian-secrets-api-<version>.jar \
       -DgroupId=com.atlassian.secrets \
       -DartifactId=atlassian-secrets-api \
       -Dversion=<version> \
       -Dpackaging=jar \
  3. Install the atlassian-secrets-store.jar file into a local maven repository with the following command:

    mvn install:install-file \
       -Dfile=./atlassian-secrets-store-<version>.jar \
       -DgroupId=com.atlassian.secrets \
       -DartifactId=atlassian-secrets-store \
       -Dversion=<version> \
       -Dpackaging=jar \
  4. Create a Maven project with the following pom:

    <?xml version="1.0" encoding="UTF-8"?>
    <project xmlns=""

Step 2: Implement the SecretStore interface

The SecretStore interface contains only two methods — store and get. The get method will be called during Jira startup, which means that long-running tasks can affect the startup time. The store method won't be called by Jira, as it's used only in the encryption tool.

From Jira 9.12, the Cipher interface should be considered deprecated. Instead, you should use the new interface, SecretStore, and its corresponding methods, store and get. These methods supersede the equivalent Cipher interface methods, encrypt and decrypt.

The Cipher interface and its methods can still be used, but will eventually be retired, and should not be used when setting up new encryption functionality.

You can use Base64Cipher and AlgorithmSecretStore as examples. 

Step 3: Test your implementation

The encryption tool, described in Base64 encoding and AES encryption, uses the same code as Jira to decrypt the password. You can use it to test your implementation.

Assuming that CLI and your jar are in the same folder:

java -cp "./*" com.atlassian.secrets.cli.db.DbCipherTool -c

Step 4: Make your lib available to Jira

Jira must be able to access your lib. Your class will be initiated using reflection. Put the lib in the following directory:


After upgrading Jira, you'll need to copy your lib to the Jira installation directory again.

Last modified on Aug 31, 2023

Was this helpful?

Provide feedback about this article
Powered by Confluence and Scroll Viewport.