  1. Jira Data Center
  2. JRASERVER-71718

Automatic password rotation for AWS Secrets Manager


    • 4
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      AWS Secrets Manager can rotate the password used for database connectivity at a regular interval without human interaction. There is no such feature implemented in Jira.

      Suggested Solution

      Create an integration between Jira and the AWS Secrets Manager to update the database password automatically.

      AWS provides a reference JDBC implementation that intercepts calls to the driver and replaces credentials on the fly. The examples provided use C3P0 (which Jira does not use), so I'm not sure if it's applicable - https://github.com/aws/aws-secretsmanager-jdbc

      Suggested workaround

      AWS Secrets Manager has an API that scripts can use to connect to it and collect the new password. A possible workaround would be:

      1. Create a script to get the new password from AWS Secrets Manager, as described on this page: How to use AWS Secrets Manager to rotate credentials for all Amazon RDS database types, including Oracle
      2. Use the script to write the password retrieved from AWS into JIRA_INSTALL/conf/dbconfig.xml as the database password
      3. Finally, use the script to restart Jira
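
A sketch of the three workaround steps as one script. This is an added example, not code from Atlassian or AWS. It assumes the secret is JSON with a "password" key, that dbconfig.xml stores the password in a plain `<password>` element, and that the restart command is passed in by the caller; the script name and argument order are hypothetical.

```python
import json
import os
import re
import subprocess
import sys
import tempfile
from xml.sax.saxutils import escape


def fetch_secret_string(secret_id):
    """Step 1: read the current secret value (needs boto3 and AWS credentials)."""
    import boto3  # imported here so the file-handling code below runs offline
    client = boto3.client("secretsmanager")
    return client.get_secret_value(SecretId=secret_id)["SecretString"]


def update_dbconfig(path, secret_string):
    """Step 2: put the password into dbconfig.xml; return True if the file changed."""
    # Assumption: the secret is JSON with a "password" key (RDS secret layout).
    password = json.loads(secret_string)["password"]
    element = "<password>" + escape(password) + "</password>"  # escapes & < >
    with open(path, encoding="utf-8") as fh:
        old = fh.read()
    # A callable replacement keeps backslashes in the password literal.
    new, hits = re.subn(r"<password>.*?</password>", lambda m: element,
                        old, count=1, flags=re.S)
    if hits != 1:
        raise ValueError("no <password> element found in " + path)
    if new == old:
        return False  # not rotated since the last run, so no restart needed
    # Write a temp file (mkstemp creates it mode 0600) and rename it into place
    # so Jira never reads a half-written config.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(new)
    os.replace(tmp, path)
    return True


if __name__ == "__main__":
    # Usage (hypothetical): rotate.py SECRET_ID /path/to/dbconfig.xml RESTART_CMD...
    # Run as the OS account that owns dbconfig.xml so Jira can still read it.
    secret_id, dbconfig, *restart_cmd = sys.argv[1:]
    if update_dbconfig(dbconfig, fetch_secret_string(secret_id)) and restart_cmd:
        subprocess.run(restart_cmd, check=True)  # Step 3: restart Jira
```

Because the script restarts Jira only when the stored password differs, it can be scheduled more often than the rotation interval without causing extra downtime.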

              Unassigned Unassigned
              allewellyn@atlassian.com Alex [Atlassian,PSE]
              Votes: 15
              Watchers: 13
