Encrypting database password with custom Cipher

データベース パスワードを保護する

このページの内容

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

If you have extra requirements for storing the password, you can create your own Cipher based on our implementation and examples.

This solution is an obfuscation, which doesn’t assure real security. Bamboo still needs to use the plain text password to connect to your database, so the configuration will contain all the information needed to decrypt the password. An attacker could act like Bamboo to obtain the password. We recommend that you secure the server where Bamboo and the database reside.


To encrypt your database password:

Step 1: Create a Maven project and get API dependencies:

  1. Get 'api' and 'base' dependencies:
    1. <bamboo_installation_directory>/atlassian-bamboo/WEB-INF/lib. に移動します。
    2. 以下の jar ファイルをコピーします。
      • password-cipher-api-<version>.jar: This file contains the API.
      • (optional) password-cipher-base-<version>.jar: This file contains sample implementation. 

  2. Maven プロジェクトを作成します。

  3. Go to resources, and create a new folder libs.
  4. Copy the jar files to the libs folder.
  5. Use the following pom:

    <?xml version="1.0" encoding="UTF-8"?>
    <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0http://maven.apache.org/xsd/maven-4.0.0.xsd">
       <modelVersion>4.0.0</modelVersion>
       <groupId><your_group_ID></groupId>
       <artifactId><your_artifact_ID></artifactId>
       <version><your_version></version>
       <properties>
          <maven.compiler.source>1.8</maven.compiler.source>
          <maven.compiler.target>1.8</maven.compiler.target>
       </properties>
       <repositories>
          <repository>
             <id>local-maven-repo</id>
             <url>file:///${project.basedir}/libs</url>
          </repository>
       </repositories>
       <build>
          <resources>
             <resource>
                <directory>src/main/resources/libs</directory>
                <excludes>
                   <exclude>*</exclude>
                </excludes>
                <filtering>false</filtering>
             </resource>
          </resources>
       </build>
       <dependencies>
          <dependency>
             <groupId>com.atlassian.db.config</groupId>
             <artifactId>password-cipher-api</artifactId>
             <version><api_version></version>
             <scope>provided</scope>
          </dependency>
          <dependency>
             <groupId>com.atlassian.db.config</groupId>
             <artifactId>password-cipher-base</artifactId>
             <version><base_version></version>
             <scope>provided</scope>
          </dependency>
       </dependencies>
    </project>

ステップ 2: Cipher インターフェイスの実装

The Cipher interface contains only two methods — encrypt and decrypt. Decrypt will be called during Bamboo startup, which means that long running tasks can affect the startup time. Encrypt will not be called by Bamboo, as it's only used in the encryption tool.

You can use Base64Cipher and AlgorithmCipher as examples

Step 3: Test your implementation

The encryption tool, described in Basic encryption and Advanced encryption, uses the same code as Bamboo to decrypt the password. You can use it to test your implementation.


CLI で jar と同じフォルダにいるとします。

java -cp "./*" com.atlassian.db.config.password.tools.CipherTool -c your.package.here.ClassName

Step 4: Make your lib available to Bamboo

Bamboo must be able to access your lib. Your class will be initiated using reflection. Put the lib in the following directory:

<Bamboo_installation_directory>/atlassian-bamboo/WEB-INF/lib

After upgrading Bamboo, you'll need to copy your lib to the Bamboo installation directory again.



最終更新日 2021 年 7 月 13 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.