Encrypting database password with custom Cipher
If you have extra requirements for storing the password, you can create your own Cipher based on our implementation and examples.
This solution is an obfuscation, which doesn’t assure real security. Bamboo still needs to use the plain text password to connect to your database, so the configuration will contain all the information needed to decrypt the password. An attacker could act like Bamboo to obtain the password. We recommend that you secure the server where Bamboo and the database reside.
To encrypt your database password:
Step 1: Create a Maven project and get API dependencies:
- Get 'api' and 'base' dependencies:
<bamboo_installation_directory>/atlassian-bamboo/WEB-INF/lib.に移動します。- 以下の jar ファイルをコピーします。
- password-cipher-api-<version>.jar: This file contains the API.
(optional) password-cipher-base-<version>.jar: This file contains sample implementation.
Maven プロジェクトを作成します。
- Go to
resources, and create a new folderlibs. - Copy the jar files to the
libsfolder. Use the following
pom:<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId><your_group_ID></groupId> <artifactId><your_artifact_ID></artifactId> <version><your_version></version> <properties> <maven.compiler.source>1.8</maven.compiler.source> <maven.compiler.target>1.8</maven.compiler.target> </properties> <repositories> <repository> <id>local-maven-repo</id> <url>file:///${project.basedir}/libs</url> </repository> </repositories> <build> <resources> <resource> <directory>src/main/resources/libs</directory> <excludes> <exclude>*</exclude> </excludes> <filtering>false</filtering> </resource> </resources> </build> <dependencies> <dependency> <groupId>com.atlassian.db.config</groupId> <artifactId>password-cipher-api</artifactId> <version><api_version></version> <scope>provided</scope> </dependency> <dependency> <groupId>com.atlassian.db.config</groupId> <artifactId>password-cipher-base</artifactId> <version><base_version></version> <scope>provided</scope> </dependency> </dependencies> </project>
ステップ 2: Cipher インターフェイスの実装
The Cipher interface contains only two methods — encrypt and decrypt. Decrypt will be called during Bamboo startup, which means that long running tasks can affect the startup time. Encrypt will not be called by Bamboo, as it's only used in the encryption tool.
You can use Base64Cipher and AlgorithmCipher as examples.
Step 3: Test your implementation
The encryption tool, described in Basic encryption and Advanced encryption, uses the same code as Bamboo to decrypt the password. You can use it to test your implementation.
CLI で jar と同じフォルダにいるとします。
java -cp "./*" com.atlassian.db.config.password.tools.CipherTool -c your.package.here.ClassNameStep 4: Make your lib available to Bamboo
Bamboo must be able to access your lib. Your class will be initiated using reflection. Put the lib in the following directory:
<Bamboo_installation_directory>/atlassian-bamboo/WEB-INF/libAfter upgrading Bamboo, you'll need to copy your lib to the Bamboo installation directory again.