Hi,

I'm excited to share that in Confluence Server we are adding an extra layer of security. You can now encrypt the database password that is stored in confluence.cfg.xml file with one of the encryption methods provided.

You can find more information in the below docs

• https://confluence.atlassian.com/display/CONFEAP/Encrypt+database+password
• https://confluence.atlassian.com/display/CONFEAP/Basic+encryption
• https://confluence.atlassian.com/display/CONFEAP/Advanced+encryption
• https://confluence.atlassian.com/display/CONFEAP/Custom+encryption

We are following Jira and Bitbucket’s lead on this for the sake of a consistent admin experience. In Bitbucket It's an opt-in feature that requires an admin to make a choice about what type of Cipher, etc. their installation uses. Hence there is no specific instructions for new installs .

Guidance needed here for whether db password encryption in config should be done for new installs by default, or if it should be opt-in for every customer.