Mask/Encrypt credentials in configuration files

XMLWordPrintable

    • 1
    • 1

      Summary

      As for today, bamboo.cfg.xml saves the database credentials in plain text and there is no alternative to it.

      Additionally affected are:

      • <BAMBOO_INSTALL>/conf/server.xml if using a different Keystore Password for SSL
      • <BAMBOO_HOME>/xml-data/configuration/crowd.properties, if using an external Crowd.
      • <BAMBOO_HOME>/xml-data/configuration/atlassian-user.xml prior to 6.6.x Embedded Crowd
      • <BAMBOO_HOME>/xml-data/configuration/administration.xml AWS credentials for Elastic agents

      Suggested Solution

      Have a way to hide or encrypt credentials.

      Why this is important

      Security reasons.

            Assignee:
            Unassigned
            Reporter:
            Patricio (Inactive)
            Votes:
            37 Vote for this issue
            Watchers:
            16 Start watching this issue

              Created:
              Updated:
              Resolved: