Base64 encoding

Still need help?

The Atlassian Community is here for you.

Ask the community

We don't recommend Base64 encoding in production for securing secrets because it doesn't provide encryption, and therefore cannot guarantee sufficient data protection.

This type of encoding is suitable for users who don’t want to store passwords in plaintext, but don't have to meet specific requirements to encode them.

Encode the password

For this method, we'll use Base64 encoding, which is a way to achieve simple obfuscation of sensitive data.

On this page:

Step 1. Encode the password

When you encode the database password, you can supply some optional arguments, as shown in the table below.



-c,--class <arg>

Canonical class name of the cipher. Leave empty to use the default:


Output the help message, which displays these optional arguments

-m,--mode <arg>

Use 'encrypt' (default) or 'decrypt' on your provided password.

-p,--password <arg>

The plaintext password that you want to encrypt. If you omit this parameter, the console will ask you to type the password.


Log minimum info.

To encode the database password, follow the steps below.

  1. Go to <Confluence-installation-directory>/bin.
  2. Run the following command to encode your password. You can also use the optional parameters described above. 

    java -cp "./*" com.atlassian.secrets.cli.db.DbCipherTool

    When this command is run you should see output similar to that listed below:

    2023-10-10 03:58:01,548 main INFO [com.atlassian.secrets.DefaultSecretStoreProvider] Initiating secret store class:
    2023-10-10 03:58:01,568 main DEBUG [] Initiate Base64Cipher
    2023-10-10 03:58:01,583 main DEBUG [] Encrypting data...
    2023-10-10 03:58:01,585 main DEBUG [] Encryption done.
    For Jira, set the following properties in dbconfig.xml:
    For Bitbucket, set the following properties in
    For Bamboo, set the following properties in bamboo.cfg.xml:
    <property name="jdbc.password.decrypter.classname"></property>
    <property name="hibernate.connection.password">c2VjcmV0</property>
    For Confluence, set the following properties in confluence.cfg.xml:
    <property name="jdbc.password.decrypter.classname"></property>
    <property name="hibernate.connection.password">c2VjcmV0</property>

Step 2. Add the encoded password to the confluence.cfg.xml

To add the encoded password:

  1. Back up the <home-directory>/confluence.cfg.xml file. Move the backup to a safe place outside of your instance.
  2. In the confluence.cfg.xml file, add or modify the jdbc.password.decrypter.classname property to contain:
  3. In the confluence.cfg.xml file, add or modify the hibernate.connection.password property to contain the Base64 encoded value:

  4. Once updated, check that confluence.cfg.xml contains:

    <property name="jdbc.password.decrypter.classname"></property>
    <property name="hibernate.connection.password">c2VjcmV0</property>
  5. Restart Confluence.

Decode the password

To decode the password:

  1. Extend the command with the -m decrypt parameter:

    java -cp "./*" com.atlassian.secrets.cli.db.DbCipherTool -m decrypt
  2. When asked for a password, provide the encoded one from your confluence.cfg.xml file.
    After a successful decode, you will see a message similar to this:

    2023-10-10 04:57:22,330 main INFO [com.atlassian.secrets.DefaultSecretStoreProvider] Initiating secret store class:
    2023-10-10 04:57:22,345 main DEBUG [] Initiate Base64Cipher
    2023-10-10 04:57:22,360 main DEBUG [] Decrypting data...
    2023-10-10 04:57:22,364 main DEBUG [] Decryption done.
    Success! Decrypted password using cipher provider: decrypted password: secret

Last modified on May 10, 2024

Was this helpful?

Provide feedback about this article
Powered by Confluence and Scroll Viewport.