-
Suggestion
-
Resolution: Fixed
-
17
-
23
-
Problem
Passwords are not encrypted in the following file:
- confluence-mail.cfg.xml
- confluence.cfg.xml
- catalina.properties
- server.xml
- other files that contain password
Suggested solution
Resolve an encryption scheme for anything requiring security stored on the file system.
Hi everyone,
Thanks for your interest in this suggestion. I'm pleased to let you know that we have released default password encryption for Confluence in version 9.1.
Further information on this can be found in our release notes, and here.
Kind regards,
Michael Andreacchio
Confluence Data Center Product Management
- is duplicated by
-
- Closed
-
- Closed
-
- Closed
- is related to
-
- Closed
- relates to
-
CONFSERVER-31605 LDAP and Active Directory credentials are stored in plain text in database
-
- Closed
-
-
- Closed
-
- Closed
-
- Closed
-
- Gathering Interest
-
- Gathering Interest
-
- Gathering Interest
-
- Gathering Interest
-
- Under Consideration
-
ANTM-638 Loading...
-
- is action for
-
- is resolved by
-
- mentioned in
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
[CONFSERVER-2146] Encrypt all passwords stored on the file system
| Remote Link | New: This issue links to "DCCLIP-1115 (JIRA Server (Bulldog))" [ 980268 ] |
| Remote Link | New: This issue links to "Page (Confluence)" [ 966112 ] |
| Remote Link | Original: This issue links to "Page (Confluence)" [ 956194 ] |
| Remote Link | New: This issue links to "Page (Confluence)" [ 956194 ] |
When are we going to get this backported to the Long Term Support Version?
| Description |
Original:
h2. Problem
Passwords are not encrypted in the following file: * confluence-mail.cfg.xml * confluence.cfg.xml * catalina.properties * server.xml * other files that contain password h2. Suggested solution Resolve an encryption scheme for anything requiring security stored on the file system. {panel:title=Atlassian Update - 2024-05-06|borderStyle=solid|borderColor=#6554c0|titleBGColor=#6554c0|bgColor=#eae6ff} Hi everyone, This is [~mandreacchio] from the Confluence DC PM team. Thank you for your interest in this suggestion. I'm transitioning this issue over to In Progress given we've started work on this suggestion. In Confluence 8.7 we rolled-out AES (128-bit) and external-secret manager (AWS Secret Manager and Hashicorp Vault) for database configuration secrets (confluence.cfg.xml). Additionally, we've enabled AES encryption (128-bit) in the user directory configuration / server.xml in Confluence 8.9. We'll be bringing in more files/areas under the expanded scope for AES 256-bit _encryption by default,_ [we've shared this on our public roadmap via this announcement.|https://www.atlassian.com/wac/roadmap/data-center/Secret-Manager-integration-mail-server?p=57ff5d7a-10] We hope to bring the remaining functionality to close out this request to you soon, please keep an eye here and on our release notes for further updates. Kind regards, Michael Andreacchio Confluence Data Center Product Management {panel} |
New:
h2. Problem
Passwords are not encrypted in the following file: * confluence-mail.cfg.xml * confluence.cfg.xml * catalina.properties * server.xml * other files that contain password h2. Suggested solution Resolve an encryption scheme for anything requiring security stored on the file system. {panel:title=Atlassian Update - 2024-10-08|borderStyle=solid|borderColor=#6554c0|titleBGColor=#6554c0|bgColor=#eae6ff} Hi everyone, Thanks for your interest in this suggestion. I'm pleased to let you know that we have released default password encryption for Confluence in version 9.1. Further information on this can be found in [our release notes|https://confluence.atlassian.com/doc/confluence-9-1-release-notes-1431966396.html?atl_token=c965cffff3c45839e64a043fd312c85e30d741e8#Confluence9.1releasenotes-Defaultencryption], and [here|https://confluence.atlassian.com/doc/confluence-home-and-other-important-directories-590259707.html]. Kind regards, Michael Andreacchio Confluence Data Center Product Management {panel} |
| Fix Version/s | New: 9.1.0 [ 108795 ] | |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: In Progress [ 3 ] | New: Closed [ 6 ] |
Dear Customers,
Thanks for your interest in this suggestion. I'm pleased to let you know that we have released default password encryption for Confluence in version 9.1.
Further information on this can be found in our release notes, and here.
Kind regards,
Michael Andreacchio
Confluence Data Center
| Link | New: This issue relates to CONFSERVER-98153 [ CONFSERVER-98153 ] |
Thanks for your question 779da16e148c. Currently there's no plans to backport this feature into a previous LTS such as 8.5. We are soon to be shipping Confluence 9.2LTS nearing the end of the year with this and several other security features we're excited to see customers adopt. You can learn more about what Confluence 9.2 will be featuring in this blog. Thank you.