Files such as:

• <BAMBOO_INSTALL>/conf/server.xml if you're using a different Keystore Password for SSL
• <BAMBOO_HOME>/bamboo.cfg.xml for the Database configuration.
• <BAMBOO_HOME>/xml-data/configuration/crowd.properties, if using and external Crowd.
• <BAMBOO_HOME>/xml-data/configuration/atlassian-user.xml in prior to 6.6.x Embedded Crowd

Have Password information set in Plaintext and due to some security guidelines as discussed by Customers at JRASERVER-31004 may require to be Encrypted/Obfuscated for increased security.

There is already a Suggestion that addresses only the Database configuration password, BAM-2670, which is marked as resolved and related to JRASERVER-31004 which is "in progress". I'm opening this one to broaden the same need to the other configuration and files existent.

Please, consider the possibilities to address the behaviour in these and Encrypt/Obfuscate plaintext password data as well.