
      Problem

      Passwords are not encrypted in the following files:

      • confluence-mail.cfg.xml
      • confluence.cfg.xml
      • catalina.properties
      • server.xml
      • other files that contain passwords

      Suggested solution

      Resolve an encryption scheme for anything requiring security stored on the file system.

       

      Atlassian Update - 2024-10-08

      Hi everyone,

      Thanks for your interest in this suggestion. I'm pleased to let you know that we have released default password encryption for Confluence in version 9.1.

      Further information on this can be found in our release notes, and here.

      Kind regards,

      Michael Andreacchio
      Confluence Data Center Product Management


            [CONFSERVER-2146] Encrypt all passwords stored on the file system

            Michael Andreacchio added a comment:

            Thanks for your question 779da16e148c. Currently there are no plans to backport this feature into a previous LTS such as 8.5. We are soon to be shipping Confluence 9.2 LTS nearing the end of the year with this and several other security features we're excited to see customers adopt. You can learn more about what Confluence 9.2 will be featuring in this blog. Thank you.

            Thomas Clemens added a comment:

            When are we going to get this backported to the Long Term Support Version?

            Michael Andreacchio added a comment:

            Dear Customers,

            Thanks for your interest in this suggestion. I'm pleased to let you know that we have released default password encryption for Confluence in version 9.1.

            Further information on this can be found in our release notes, and here.

            Kind regards,

            Michael Andreacchio
            Confluence Data Center

            Michael Andreacchio added a comment:

            Atlassian Update - 2024-05-06

            Hi everyone,

            This is mandreacchio from the Confluence DC PM team. Thank you for your interest in this suggestion.

            I'm transitioning this issue over to In Progress given we've started work on this suggestion.

            Per 8b9dc59d202e's comment below, we've previously rolled out AES (128-bit) and external secret manager support (AWS Secrets Manager and HashiCorp Vault) for database configuration secrets (confluence.cfg.xml) in Confluence 8.7. Additionally, we've enabled AES encryption (128-bit) in the user directory configuration / server.xml in Confluence 8.9.

            We'll be bringing in more files/areas under the expanded scope for AES 256-bit encryption by default; we've shared this on our public roadmap via this announcement. We hope to bring the remaining functionality to close out this request to you soon; please keep an eye here and on our release notes for further updates.

            Kind regards,

            Michael Andreacchio
            Confluence Data Center Product Management

            Brad Barber added a comment:

            Thank you AD, I appreciate the update.

            BB

            Anubhav Dutt added a comment:

            Hi cda035fec47c,

            Thanks for your comments and circling back on this JAC issue with regards to secrets encryption.

            As we shared in the earlier comment, we have already rolled out AES (128-bit) and external secret manager support (AWS Secrets Manager and HashiCorp Vault) for database configuration secrets (confluence.cfg.xml) with the Confluence 8.7 release.

            Additionally, we have also enabled AES encryption (128-bit) in the user directory configuration / server.xml with the Confluence 8.9 release.

            With our recent announcements on prioritising security for DC products, we are bringing in more files/areas under the expanded scope for AES 256-bit encryption by default, which will soon be shared on the Public Roadmaps.

            I hope that gives you some insights into our security roadmap for Atlassian Data Center products.

            Regards
            AD,

            PM - Atlassian DC

            Brad Barber added a comment:

            Greetings,

            Are there any updates regarding this issue?

            Passwords are not encrypted in the following files:

            • confluence-mail.cfg.xml
            • confluence.cfg.xml
            • catalina.properties
            • server.xml
            • other files that contain passwords

            Is anyone working on an encryption solution for those files? Thanks for any feedback.

            Anubhav Dutt added a comment:

            Hi All,

            Thanks for your comments, concerns and suggestions with regards to integrating with external secret managers for configuration password encryption and storage.

            For additional security, you can now protect the database password used to access your database, which is stored in the configuration file.

            We've prepared different encryption methods including AWS Secrets Manager and HashiCorp Vault; however, we are currently limited to Database Configuration and are working towards extending to other properties and configurations planned for release in the next few quarters.

            Regards
            AD - DC PM


            Ganesh Gautam added a comment:

            Hi d23511588330 / 36988429ec3d,
            The basic-encryption article should be able to help you in encrypting DB password.
            Thanks

              mandreacchio Michael Andreacchio
              nick@atlassian.com Nick Faiz [OLD] (Inactive)
              Votes: 195
              Watchers: 149
