Basic encryption
Step 1. Encode the password
When you encode the database password, you can supply some optional arguments, as shown in the table below.
Argument | Description |
|---|---|
| Canonical class name of the cipher. Leave empty to use the default: |
| Output the help message, which displays these optional arguments |
| Use 'encrypt' (default) or 'decrypt' on your provided password. |
| The plaintext password that you want to encrypt. If you omit this parameter, the console will ask you to type the password. |
| Log minimum info. |
To encode the database password, follow the steps below.
- Go to <Confluence-installation-directory>/bin.
Run the following command to encode your password. You can also use the optional parameters described above.
java -cp "./*" com.atlassian.secrets.cli.db.DbCipherToolWhen this command is run you should see output similar to that listed below:
2023-10-10 03:58:01,548 main INFO [com.atlassian.secrets.DefaultSecretStoreProvider] Initiating secret store class: com.atlassian.secrets.store.base64.Base64SecretStore 2023-10-10 03:58:01,568 main DEBUG [secrets.store.base64.Base64SecretStore] Initiate Base64Cipher 2023-10-10 03:58:01,583 main DEBUG [secrets.store.base64.Base64SecretStore] Encrypting data... 2023-10-10 03:58:01,585 main DEBUG [secrets.store.base64.Base64SecretStore] Encryption done. Success! For Jira, set the following properties in dbconfig.xml: <atlassian-password-cipher-provider>com.atlassian.secrets.store.base64.Base64SecretStore</atlassian-password-cipher-provider> <password>c2VjcmV0</password> For Bitbucket, set the following properties in bitbucket.properties: jdbc.password.decrypter.classname=com.atlassian.secrets.store.base64.Base64SecretStore jdbc.password=c2VjcmV0 For Bamboo, set the following properties in bamboo.cfg.xml: <property name="jdbc.password.decrypter.classname">com.atlassian.secrets.store.base64.Base64SecretStore</property> <property name="hibernate.connection.password">c2VjcmV0</property> For Confluence, set the following properties in confluence.cfg.xml: <property name="jdbc.password.decrypter.classname">com.atlassian.secrets.store.base64.Base64SecretStore</property> <property name="hibernate.connection.password">c2VjcmV0</property>
Step 2. Add the encoded password to the confluence.cfg.xml
To add the encoded password:
- Back up the
<home-directory>/confluence.cfg.xmlfile. Move the backup to a safe place outside of your instance. In the
confluence.cfg.xmlfile, add or modify thejdbc.password.decrypter.classnameproperty to contain:com.atlassian.secrets.store.base64.Base64SecretStoreIn the
confluence.cfg.xmlfile, add or modify thehibernate.connection.passwordproperty to contain the Base64 encoded value:c2VjcmV0Once updated, check that
confluence.cfg.xmlcontains:<property name="jdbc.password.decrypter.classname">com.atlassian.secrets.store.base64.Base64SecretStore</property> <property name="hibernate.connection.password">c2VjcmV0</property>- Restart Confluence.
Decode the password
To decode the password:
Extend the command with the
-m decryptparameter:java -cp "./*" com.atlassian.secrets.cli.db.DbCipherTool -m decryptWhen asked for a password, provide the encoded one from your
confluence.cfg.xmlfile.
After a successful decode, you will see a message similar to this:2023-10-10 04:57:22,330 main INFO [com.atlassian.secrets.DefaultSecretStoreProvider] Initiating secret store class: com.atlassian.secrets.store.base64.Base64SecretStore 2023-10-10 04:57:22,345 main DEBUG [secrets.store.base64.Base64SecretStore] Initiate Base64Cipher 2023-10-10 04:57:22,360 main DEBUG [secrets.store.base64.Base64SecretStore] Decrypting data... 2023-10-10 04:57:22,364 main DEBUG [secrets.store.base64.Base64SecretStore] Decryption done. Success! Decrypted password using cipher provider: com.atlassian.secrets.store.base64.Base64SecretStore decrypted password: secret