Why is the Stash database password in plaintext?

Is there a way to hash the password for the stash database password? I was looking up how to change the password here: https://confluence.atlassian.com/display/STASH029/How+do+I+change+the+external+database+passwordand I realized our external database password was being stored in plaintext. Is this going to be changed in the future? I know we can chmod 700 on the directories so that only the jira service account can see the files, but our security team isn't happy that our possible production database password can be seen.

1 answer

1 accepted

This widget could not be displayed.

Hi Jen,

I'm curious how Stash would be able to connect to the database with a hashed password? The best you can do is encode it somehow, but anyone that gains access to the file will most likely be able to decode it again.

I'm assuming the password is for a Stash specific user in the database, that doesn't have access to anything else.

In any case I'm afraid we don't support non-plaintext passwords currently. chmoding the file is a good idea. Feel free to raise a feature request if you like.


Hi Charles,

Thank you for linking that ticket. That is exactly the issue I was concerned with. I have set permissions on the folder for access by the stash admin for now. I'll make sure to keep track to that ticket to see where it is going.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Aug 21, 2018 in Bitbucket

Branch Management with Bitbucket

As a project manager, I have discovered that different developers want to bring their previous branching method with them when they join the team. Some developers are used to performing individual wo...

1,524 views 9 11
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you