Database password encryption failed in Confluence Data Center with error "libbc-probe.so: failed to map segment from shared object: Operation not permitted"
Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.
Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
When attempting to encrypt the Confluence database password for extra security (see: AES encryption), Step 1.2, "Run the following command to encrypt your password", fails with an error on the command line.
Environment
Confluence Data Center 7.19+
Diagnosis
To confirm if you are hitting this specific issue, please follow these steps:
- Go to <install-directory>/bin.
- Run the command to begin the encryption process:
java -cp "./*" com.atlassian.db.config.password.tools.CipherTool -c com.atlassian.db.config.password.ciphers.algorithm.AlgorithmCipher
A version of the following error will be displayed:
libbc-probe.so: failed to map segment from shared object: Operation not permitted
Cause
The root cause of the problem is that Java is unable to load the library libbc-probe.so from the /tmp directory.
The issue lies in the operating system's mount point(s), where the /tmp partition has been mounted as noexec. Mounting a filesystem as noexec means it does not permit the execution of executable binaries in the mounted filesystem. (See: How do I check if "noexec" flag exists on a Linux OS?)
Solution
To address this situation, there are two approaches:
- Approach 1)
  - Remove the noexec flag from your mount point.
- Approach 2)
  - If the noexec flag must remain set on the mount point, run the following, which points Java's temporary directory at a directory with exec permission so that Java can load the library:
java -Djava.io.tmpdir=/path/to/tmpdir -cp "./*" com.atlassian.secrets.cli.db.DbCipherTool -c com.atlassian.secrets.store.algorithm.AlgorithmSecretStore
Make sure you update /path/to/tmpdir in the above example.
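To confirm the cause and to vet a candidate value for -Djava.io.tmpdir before using it, the following added example (not Atlassian's code) reads a mount table in /proc/mounts format and reports whether a directory sits on a noexec mount. The mount table and the path /opt/atlassian/confluence/temp are constructed sample values.

```shell
# Added example, not Atlassian's code. Reads mount tables in /proc/mounts
# format (device, mount point, fstype, options, ...). Mount points containing
# spaces are escaped as \040 in that file and are not decoded here.

# Print the mount options of the filesystem that contains directory $1.
# $2 is the mount table to read (defaults to the live /proc/mounts).
mount_opts_for() {
    awk -v dir="$1" '
        BEGIN { if (length(dir) > 1) sub(/\/$/, "", dir) }  # "/tmp/" -> "/tmp"
        {
            mp = $2
            # mp contains dir if it equals dir, is "/", or is a prefix of dir
            # ending on a path boundary (so /tmp does not match /tmpfiles).
            if (mp == dir || mp == "/" || index(dir, mp "/") == 1) {
                # Longest mount point wins; >= lets a later mount over the
                # same point override an earlier one.
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }
    ' "${2:-/proc/mounts}"
}

# Exit status 0 if directory $1 is on a noexec mount, 1 otherwise.
is_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Constructed sample mount table: /tmp is hardened with noexec, /opt is not.
SAMPLE_MOUNTS="$(mktemp)"
trap 'rm -f "$SAMPLE_MOUNTS"' EXIT
cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sdb1 /opt xfs rw,relatime 0 0
EOF

# /opt/atlassian/confluence/temp is a hypothetical candidate for java.io.tmpdir.
for d in /tmp /opt/atlassian/confluence/temp /tmpfiles; do
    if is_noexec "$d" "$SAMPLE_MOUNTS"; then
        echo "$d: noexec, Java cannot map native libraries extracted here"
    else
        echo "$d: exec allowed, usable as -Djava.io.tmpdir"
    fi
done
```

Call `is_noexec /path/to/tmpdir` without a second argument to check the live system's /proc/mounts.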