Base64 encoding
We don't recommend Base64 encoding in production for securing secrets because it doesn't provide encryption, and therefore cannot guarantee sufficient data protection.
This type of encoding is suitable for users who don’t want to store passwords in plaintext, but don't have to meet specific requirements to encode them.
Encode the password
For this method, we'll use Base64 encoding, which is a way to achieve simple obfuscation of sensitive data.
Step 1. Encode the password
When you encode the database password, you can supply some optional arguments, as shown in the table below.
Argument | Description |
---|---|
| Canonical class name of the cipher. Leave empty to use the default: |
| Output the help message, which displays these optional arguments |
| Use 'encrypt' (default) or 'decrypt' on your provided password. |
| The plaintext password that you want to encrypt. If you omit this parameter, the console will ask you to type the password. |
| Log minimum info. |
To encode the database password, follow the steps below.
- Go to <Confluence-installation-directory>/bin.
Run the following command to encode your password. You can also use the optional parameters described above.
java -cp "./*" com.atlassian.secrets.cli.db.DbCipherTool
When this command is run you should see output similar to that listed below:
2023-10-10 03:58:01,548 main INFO [com.atlassian.secrets.DefaultSecretStoreProvider] Initiating secret store class: com.atlassian.secrets.store.base64.Base64SecretStore 2023-10-10 03:58:01,568 main DEBUG [secrets.store.base64.Base64SecretStore] Initiate Base64Cipher 2023-10-10 03:58:01,583 main DEBUG [secrets.store.base64.Base64SecretStore] Encrypting data... 2023-10-10 03:58:01,585 main DEBUG [secrets.store.base64.Base64SecretStore] Encryption done. Success! For Jira, set the following properties in dbconfig.xml: <atlassian-password-cipher-provider>com.atlassian.secrets.store.base64.Base64SecretStore</atlassian-password-cipher-provider> <password>c2VjcmV0</password> For Bitbucket, set the following properties in bitbucket.properties: jdbc.password.decrypter.classname=com.atlassian.secrets.store.base64.Base64SecretStore jdbc.password=c2VjcmV0 For Bamboo, set the following properties in bamboo.cfg.xml: <property name="jdbc.password.decrypter.classname">com.atlassian.secrets.store.base64.Base64SecretStore</property> <property name="hibernate.connection.password">c2VjcmV0</property> For Confluence, set the following properties in confluence.cfg.xml: <property name="jdbc.password.decrypter.classname">com.atlassian.secrets.store.base64.Base64SecretStore</property> <property name="hibernate.connection.password">c2VjcmV0</property>
Step 2. Add the encoded password to the confluence.cfg.xml
To add the encoded password:
- Back up the
<home-directory>/confluence.cfg.xml
file. Move the backup to a safe place outside of your instance. In the
confluence.cfg.xml
file, add or modify thejdbc.password.decrypter.classname
property to contain:com.atlassian.secrets.store.base64.Base64SecretStore
In the
confluence.cfg.xml
file, add or modify thehibernate.connection.password
property to contain the Base64 encoded value:c2VjcmV0
Once updated, check that
confluence.cfg.xml
contains:<property name="jdbc.password.decrypter.classname">com.atlassian.secrets.store.base64.Base64SecretStore</property> <property name="hibernate.connection.password">c2VjcmV0</property>
- Restart Confluence.
Decode the password
To decode the password:
Extend the command with the
-m decrypt
parameter:java -cp "./*" com.atlassian.secrets.cli.db.DbCipherTool -m decrypt
When asked for a password, provide the encoded one from your
confluence.cfg.xml
file.
After a successful decode, you will see a message similar to this:2023-10-10 04:57:22,330 main INFO [com.atlassian.secrets.DefaultSecretStoreProvider] Initiating secret store class: com.atlassian.secrets.store.base64.Base64SecretStore 2023-10-10 04:57:22,345 main DEBUG [secrets.store.base64.Base64SecretStore] Initiate Base64Cipher 2023-10-10 04:57:22,360 main DEBUG [secrets.store.base64.Base64SecretStore] Decrypting data... 2023-10-10 04:57:22,364 main DEBUG [secrets.store.base64.Base64SecretStore] Decryption done. Success! Decrypted password using cipher provider: com.atlassian.secrets.store.base64.Base64SecretStore decrypted password: secret