Details
-
Suggestion
-
Resolution: Unresolved
-
None
-
2
-
Description
AWS Secrets Manager allows to rotate the password used for database connectivity on a regular interval without human interaction. There is no such feature implemented in Jira.
Suggested Solution
Create an integration between Jira and the AWS Secrets Manager to update the database password automatically.
AWS provides a reference JDBC implementation that intercepts calls to the driver and replaces credentials on the fly. The examples provided use C3P0 (which Jira does not use), so I'm not sure if it's applicable - https://github.com/aws/aws-secretsmanager-jdbc
Suggested workaround
AWS Secrets Manager has a API that permits to use scrips to connect to it and collect the new password. A possible workaround would be:
- Create a script to get the new password from the AWS Secrets Manager as described in this page: How to use AWS Secrets Manager to rotate credentials for all Amazon RDS database types, including Oracle
- Use the script to update the password retrieve from the AWS to update the database password in JIRA_INSTALL/conf/dbconfig.xml
- Finally, use the script to restart the Jira