How are users and passwords stored in the Jira Internal Directory

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Purpose

It may be a requirement for auditors or administrators to understand how usernames and passwords are stored within Jira's database. This article discusses the method used when users are stored in Jira's Internal Directory. 

Explanation

  • Users are stored in the cwd_user table of Jira's database. 
  • Passwords are stored in the Credential column of the table and are hashed. 
  • Jira uses a password encoder called atlassian-security which is a wrapper around Bouncy Castle's implementation of PKCS #5 v2.0 (aka PBKDF2) utilizing a random 16-byte salt and 10,000 iterations, which results in a 256-bit hash.
  • This salted PKCS5S2 implementation is provided by Embedded Crowd. You may read this community post on password security from one of our Crowd developers for more details.

More Information

Retrieving the Jira administrator password

Jira Database Schema


Description

It may be a requirement for auditors or administrators to understand how usernames and passwords are stored within Jira's database. This article discusses the method used when users are stored in Jira's Internal Directory. 

ProductJira

Last modified on Jul 19, 2021

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.