Custom implementation
You can also create your own SecretStore implementation, which might be especially useful if you’re required to use a specific vault to store the password.
Pre-requisites:
- Basic knowledge of Maven
- Knowledge of Java
Step 1: Create a Maven project and get API dependencies
Navigate to the
<Jira_installation_directory>/atlassian-jira/WEB-INF/libdirectory.Install the
atlassian-secrets-api.jarfile into a local maven repository with the following command:mvn install:install-file \ -Dfile=./atlassian-secrets-api-<version>.jar \ -DgroupId=com.atlassian.secrets \ -DartifactId=atlassian-secrets-api \ -Dversion=<version> \ -Dpackaging=jar \ -DgeneratePom=trueInstall the
atlassian-secrets-store.jarfile into a local maven repository with the following command:mvn install:install-file \ -Dfile=./atlassian-secrets-store-<version>.jar \ -DgroupId=com.atlassian.secrets \ -DartifactId=atlassian-secrets-store \ -Dversion=<version> \ -Dpackaging=jar \ -DgeneratePom=trueCreate a Maven project with the following pom:
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId><your_group_ID></groupId> <artifactId><your_artifact_ID></artifactId> <version><your_version></version> <properties> <maven.compiler.source>1.8</maven.compiler.source> <maven.compiler.target>1.8</maven.compiler.target> </properties> <build> <resources> <resource> <directory>src/main/resources/libs</directory> <excludes> <exclude>*</exclude> </excludes> <filtering>false</filtering> </resource> </resources> </build> <dependencies> <dependency> <groupId>com.atlassian.secrets</groupId> <artifactId>atlassian-secrets-api</artifactId> <version><api_version></version> <scope>provided</scope> </dependency> <dependency> <groupId>com.atlassian.secrets</groupId> <artifactId>atlassian-secrets-store</artifactId> <version><api_version></version> <scope>provided</scope> </dependency> </dependencies> </project>
Step 2: Implement the SecretStore interface
The SecretStore interface contains only two methods — store and get. The get method will be called during Jira startup, which means that long-running tasks can affect the startup time. The store method won't be called by Jira, as it's used only in the encryption tool.
From Jira 9.12, the Cipher interface should be considered deprecated. Instead, you should use the new interface, SecretStore, and its corresponding methods, store and get. These methods supersede the equivalent Cipher interface methods, encrypt and decrypt.
The Cipher interface and its methods can still be used, but will eventually be retired, and should not be used when setting up new encryption functionality.
You can use Base64Cipher and AlgorithmSecretStore as examples.
Step 3: Test your implementation
The encryption tool, described in Base64 encoding and AES encryption, uses the same code as Jira to decrypt the password. You can use it to test your implementation.
Assuming that CLI and your jar are in the same folder:
java -cp "./*" com.atlassian.secrets.cli.db.DbCipherTool -c your.package.here.ClassNameStep 4: Make your lib available to Jira
Jira must be able to access your lib. Your class will be initiated using reflection. Put the lib in the following directory:
<Jira_installation_directory>/atlassian-jira/WEB-INF/libAfter upgrading Jira, you'll need to copy your lib to the Jira installation directory again.