Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-19637

Mask/Encrypt credentials in configuration files

XMLWordPrintable

    • 1
    • 1

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Summary

      As for today, bamboo.cfg.xml saves the database credentials in plain text and there is no alternative to it.

      Additionally affected are:

      • <BAMBOO_INSTALL>/conf/server.xml if using a different Keystore Password for SSL
      • <BAMBOO_HOME>/xml-data/configuration/crowd.properties, if using an external Crowd.
      • <BAMBOO_HOME>/xml-data/configuration/atlassian-user.xml prior to 6.6.x Embedded Crowd
      • <BAMBOO_HOME>/xml-data/configuration/administration.xml AWS credentials for Elastic agents

      Suggested Solution

      Have a way to hide or encrypt credentials.

      Why this is important

      Security reasons.

            Unassigned Unassigned
            pdemitrio Patricio
            Votes:
            37 Vote for this issue
            Watchers:
            16 Start watching this issue

              Created:
              Updated:
              Resolved: