Base64 encoding

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

We don't recommend Base64 encoding in production for securing secrets because it doesn't provide encryption, and therefore cannot guarantee sufficient data protection.

In this method, we'll use Base64 encoding, which is a simple obfuscation.

Step 1. Encrypting the password

  1. Go to <Jira-installation-directory>/bin.
  2. Run the following command to encrypt your password. Additionally, you can use optional arguments described below. 

    java -cp "./*" com.atlassian.secrets.cli.db.DbCipherTool
Optional arguments...
  • -- silent -s: limits logging to minimum
  • -- help -h: prints a help message with all parameters
  • -- mode -m: defines what to do with the password, either encrypt or decrypt. If omitted, 'encrypt' will be used.
  • -- password -p: plain text password. If omitted, you'll be asked to enter it. We recommend that you omit this parameter so your password is not stored in the history.
Sample output...
main DEBUG [db.config.password.DefaultCipherProvider] Initiate cipher provider class: com.atlassian.secrets.store.base64.Base64SecretStore
main DEBUG [password.ciphers.base64.Base64Cipher] Initiate Base64Cipher
main DEBUG [password.ciphers.base64.Base64Cipher] Encrypting data...
main DEBUG [password.ciphers.base64.Base64Cipher] Encryption done. Success! Put those lines in database config xml file:
<atlassian-password-cipher-provider>com.atlassian.secrets.store.base64.Base64SecretStore</atlassian-password-cipher-provider> <password>ZGZnZGZn</password> and restart the instance.

Step 2. Adding the encrypted password to dbconfig.xml

  1. Go to Jira home directory and back up the dbconfig.xml file. Move the backup to a safe place outside of your Jira server.
  2. Edit the dbconfig.xml file.
  3. Replace the <password> tag with the tags generated by CLI. For example:

    <atlassian-password-cipher-provider>com.atlassian.secrets.store.base64.Base64SecretStore</atlassian-password-cipher-provider> <password>put-your-obfuscated-password-here</password>
  4. Restart Jira.

Decrypting the password

To decrypt the password, extend the command with the -m decrypt parameter:

java -cp "./*" com.atlassian.secrets.cli.db.DbCipherTool -m decrypt

When asked for a password, provide the encrypted one from your dbconfig.xml file.

Troubleshooting

Reverting the changes...

To revert the changes, remove the <atlassian-password-cipher-provider> tag from the dbconfig.xml file, and change the encrypted password to a plain text one.

The setup screen opens after restarting Jira...

The setup screen means that Jira couldn't connect to the database to access your configuration, most probably because of an error with decrypting your password.

To solve this problem, open <Jira_home_directory>/log/atlassian-jira.log, and check the lines after: Reading database configuration from.

You’ll probably see the following message:

[c.a.j.config.database.DatabaseConfigHandler] Trying to get encrypted password from xml and decrypt it
[c.a.s.store.base64.Base64SecretStore] Runtime Exception thrown when decrypting:

If that’s the case, read the message, as it contains details about the error and a possible solution. If the error is java.lang.IllegalArgumentException, you will need to encrypt the password again.

‘Jira had problems starting up’ message is displayed after restarting Jira…

To investigate this problem, open <Jira_home_directory>/log/atlassian-jira.log, and check the lines after: Reading database configuration from.

You’ll probably see the following messages:

[c.a.j.config.database.DatabaseConfigHandler] Trying to get encrypted password from xml and decrypt it
[c.a.j.config.database.DatabaseConfigHandler] Database password decryption success!
[c.a.config.bootstrap.DefaultAtlassianBootstrapManager] Could not successfully test your database:

[c.a.jira.health.HealthChecks] JIRA couldn't connect to your database
[c.a.jira.health.HealthChecks] JIRA failed to establish a connection to your database.

This means that Jira decrypted the password successfully, but the password itself is incorrect. You can verify that by completing these steps:

  1. Open the dbconfig.xml file, and copy the encrypted password.
  2. Decrypt the password.
  3. Check if the decrypted password is the same as the one in your backup dbconfig.xml file.
Last modified on Jul 11, 2024

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.