Base64 encoding

Secure a database password

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

We don't recommend Base64 encoding in production for securing secrets because it doesn't provide encryption, and therefore cannot guarantee sufficient data protection.

To add extra security to your Confluence site, you can encrypt the database password that is stored in the confluence.cfg.xml file.

For this method, we'll use Base64Cipher, which is a way to achieve simple obfuscation of the database password.

On this page:

Step 1. Encrypt the password

To encrypt the database password:

  1. Go to <install-directory>/bin.
  2. Run the following command to encrypt your password.

    java -cp "./*"
Optional arguments...
  • -- silent -s: limits logging to a minimum

  • -- help -h: prints a help message with all parameters

  • -- mode -m: defines what to do with the password, either encrypt or decrypt. If omitted, 'encrypt' will be used.

  • -- password -p: plain text password. If omitted, you'll be asked to enter it. We recommend that you omit this parameter so that your password is not stored in the history.

Step 2. Add the encrypted password to the properties file

To add the encrypted password:

  1. Back up the <home-directory>/confluence.cfg.xml file. Move the backup to a safe place outside of your instance.
  2. In the confluence.cfg.xml file, replace the hibernate.connection.password property with the password generated by the CLI. Also, specify the jdbc.password.decrypter.classname property. For example:

  3. Restart Confluence.

Decrypt the password

To decrypt the password, extend the command with the -m decrypt parameter:

java -cp "./*" -m decrypt

When asked for a password, provide the encrypted one from your confluence.cfg.xml file.

Last modified on May 10, 2024

Was this helpful?

Provide feedback about this article
Powered by Confluence and Scroll Viewport.