Base64 encoding

Still need help?

The Atlassian Community is here for you.

Ask the community

We don't recommend Base64 encoding in production for securing secrets because it doesn't provide encryption, and therefore cannot guarantee sufficient data protection.

This type of encoding is suitable for users who don’t want to store passwords in plaintext, but don't have to meet specific requirements to encode them.

Encode the password

For this method, we'll use Base64 encoding, which is a way to achieve simple obfuscation of sensitive data.

On this page:

Step 1. Encode the password

When you encode the database password, you can supply some optional arguments, as shown in the table below.

Argument

Description

-c,--class <arg>

Canonical class name of the cipher. Leave empty to use the default: com.atlassian.secrets.store.base64.Base64SecretStore

-h,--help

Output the help message, which displays these optional arguments

-m,--mode <arg>

Use 'encrypt' (default) or 'decrypt' on your provided password.

-p,--password <arg>

The plaintext password that you want to encrypt. If you omit this parameter, the console will ask you to type the password.

-s,--silent

Log minimum info.

To encode the database password, follow the steps below.

  1. Go to <Confluence-installation-directory>/bin.
  2. Run the following command to encode your password. You can also use the optional parameters described above. 

    java -cp "./*" com.atlassian.secrets.cli.db.DbCipherTool

    When this command is run you should see output similar to that listed below:

    2023-10-10 03:58:01,548 main INFO [com.atlassian.secrets.DefaultSecretStoreProvider] Initiating secret store class: com.atlassian.secrets.store.base64.Base64SecretStore
    2023-10-10 03:58:01,568 main DEBUG [secrets.store.base64.Base64SecretStore] Initiate Base64Cipher
    2023-10-10 03:58:01,583 main DEBUG [secrets.store.base64.Base64SecretStore] Encrypting data...
    2023-10-10 03:58:01,585 main DEBUG [secrets.store.base64.Base64SecretStore] Encryption done.
    Success!
    For Jira, set the following properties in dbconfig.xml:
    
    <atlassian-password-cipher-provider>com.atlassian.secrets.store.base64.Base64SecretStore</atlassian-password-cipher-provider>
    <password>c2VjcmV0</password>
    
    For Bitbucket, set the following properties in bitbucket.properties:
    
    jdbc.password.decrypter.classname=com.atlassian.secrets.store.base64.Base64SecretStore
    jdbc.password=c2VjcmV0
    
    For Bamboo, set the following properties in bamboo.cfg.xml:
    
    <property name="jdbc.password.decrypter.classname">com.atlassian.secrets.store.base64.Base64SecretStore</property>
    <property name="hibernate.connection.password">c2VjcmV0</property>
    
    For Confluence, set the following properties in confluence.cfg.xml:
    
    <property name="jdbc.password.decrypter.classname">com.atlassian.secrets.store.base64.Base64SecretStore</property>
    <property name="hibernate.connection.password">c2VjcmV0</property>

Step 2. Add the encoded password to the confluence.cfg.xml

To add the encoded password:

  1. Back up the <home-directory>/confluence.cfg.xml file. Move the backup to a safe place outside of your instance.
  2. In the confluence.cfg.xml file, add or modify the jdbc.password.decrypter.classname property to contain:

    com.atlassian.secrets.store.base64.Base64SecretStore
  3. In the confluence.cfg.xml file, add or modify the hibernate.connection.password property to contain the Base64 encoded value:

    c2VjcmV0
  4. Once updated, check that confluence.cfg.xml contains:

    <property name="jdbc.password.decrypter.classname">com.atlassian.secrets.store.base64.Base64SecretStore</property>
    <property name="hibernate.connection.password">c2VjcmV0</property>
  5. Restart Confluence.

Decode the password

To decode the password:

  1. Extend the command with the -m decrypt parameter:

    java -cp "./*" com.atlassian.secrets.cli.db.DbCipherTool -m decrypt
  2. When asked for a password, provide the encoded one from your confluence.cfg.xml file.
    After a successful decode, you will see a message similar to this:

    2023-10-10 04:57:22,330 main INFO [com.atlassian.secrets.DefaultSecretStoreProvider] Initiating secret store class: com.atlassian.secrets.store.base64.Base64SecretStore
    2023-10-10 04:57:22,345 main DEBUG [secrets.store.base64.Base64SecretStore] Initiate Base64Cipher
    2023-10-10 04:57:22,360 main DEBUG [secrets.store.base64.Base64SecretStore] Decrypting data...
    2023-10-10 04:57:22,364 main DEBUG [secrets.store.base64.Base64SecretStore] Decryption done.
    Success! Decrypted password using cipher provider: com.atlassian.secrets.store.base64.Base64SecretStore decrypted password: secret


Last modified on Aug 1, 2024

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.