Creating your own Cipher
You can also create your own SecretStore
implementation, which might be especially useful if you’re required to use a specific vault to store the password.
Pre-requisites:
- Basic knowledge of Maven
- Knowledge of Java
Step 1: Create a Maven project and get API dependencies
Navigate to the
<Jira_installation_directory>/atlassian-jira/WEB-INF/lib
directory.Install the
atlassian-secrets-api.jar
file into a local maven repository with the following command:mvn install:install-file \ -Dfile=./atlassian-secrets-api-<version>.jar \ -DgroupId=com.atlassian.secrets \ -DartifactId=atlassian-secrets-api \ -Dversion=<version> \ -Dpackaging=jar \ -DgeneratePom=true
Install the
atlassian-secrets-store.jar
file into a local maven repository with the following command:mvn install:install-file \ -Dfile=./atlassian-secrets-store-<version>.jar \ -DgroupId=com.atlassian.secrets \ -DartifactId=atlassian-secrets-store \ -Dversion=<version> \ -Dpackaging=jar \ -DgeneratePom=true
Create a Maven project with the following pom:
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId><your_group_ID></groupId> <artifactId><your_artifact_ID></artifactId> <version><your_version></version> <properties> <maven.compiler.source>1.8</maven.compiler.source> <maven.compiler.target>1.8</maven.compiler.target> </properties> <build> <resources> <resource> <directory>src/main/resources/libs</directory> <excludes> <exclude>*</exclude> </excludes> <filtering>false</filtering> </resource> </resources> </build> <dependencies> <dependency> <groupId>com.atlassian.secrets</groupId> <artifactId>atlassian-secrets-api</artifactId> <version><api_version></version> <scope>provided</scope> </dependency> <dependency> <groupId>com.atlassian.secrets</groupId> <artifactId>atlassian-secrets-store</artifactId> <version><api_version></version> <scope>provided</scope> </dependency> </dependencies> </project>
Step 2: Implement the SecretStore interface
The SecretStore interface contains only two methods — store
and get
. The get
method will be called during Jira startup, which means that long-running tasks can affect the startup time. The store
method won't be called by Jira, as it's used only in the encryption tool.
From Jira 9.12, the Cipher
interface should be considered deprecated. Instead, you should use the new interface, SecretStore
, and its corresponding methods, store
and get
. These methods supersede the equivalent Cipher
interface methods, encrypt
and decrypt
.
The Cipher
interface and its methods can still be used, but will eventually be retired, and should not be used when setting up new encryption functionality.
You can use Base64Cipher
and AlgorithmSecretStore
as examples.
Step 3: Test your implementation
The encryption tool, described in Base64 encoding and AES encryption, uses the same code as Jira to decrypt the password. You can use it to test your implementation.
Assuming that CLI and your jar are in the same folder:
java -cp "./*" com.atlassian.secrets.cli.db.DbCipherTool -c your.package.here.ClassName
Step 4: Make your lib available to Jira
Jira must be able to access your lib. Your class will be initiated using reflection. Put the lib in the following directory:
<Jira_installation_directory>/atlassian-jira/WEB-INF/lib
After upgrading Jira, you'll need to copy your lib to the Jira installation directory again.