Why is the Stash database password in plaintext?

Is there a way to hash the password for the stash database password? I was looking up how to change the password here: https://confluence.atlassian.com/display/STASH029/How+do+I+change+the+external+database+passwordand I realized our external database password was being stored in plaintext. Is this going to be changed in the future? I know we can chmod 700 on the directories so that only the jira service account can see the files, but our security team isn't happy that our possible production database password can be seen.

1 answer

1 accepted

2 votes
Answer accepted

Hi Jen,

I'm curious how Stash would be able to connect to the database with a hashed password? The best you can do is encode it somehow, but anyone that gains access to the file will most likely be able to decode it again.

I'm assuming the password is for a Stash specific user in the database, that doesn't have access to anything else.

In any case I'm afraid we don't support non-plaintext passwords currently. chmoding the file is a good idea. Feel free to raise a feature request if you like.


Hi Charles,

Thank you for linking that ticket. That is exactly the issue I was concerned with. I have set permissions on the folder for access by the stash admin for now. I'll make sure to keep track to that ticket to see where it is going.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Thursday in Bitbucket Pipelines

Building a Bitbucket Pipe as a casual coder

...ipe.sh :  #!/bin/bash source "$(dirname "$0")/common.sh" enable_debug extra_args="" if [[ "${DEBUG}" == "true" ]]; then extra_args="--verbose" fi # mandatory variables R...

216 views 0 12
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you