I found a Community post with comments from a JIRA Development Engineer titled password encryption for database connection that link to comments in JRASERVER-27457 which may help explain why this isn't done natively.
I found a Suggestion request for this at JRASERVER-31004 and one with MSSQL as the Database in question specifically at JRASERVER-37356: Clear text password in dbconfig.xml. Here is an update from JRASERVER-31004 from 2016:
While we understand the importance of this issue for our customers with strict password encryption requirements, we have not been able to prioritize development on this issue and it's not in our immediate plans.
JIRA still needs access to the database – any code to encrypt the DB credentials or the JNDI datasource would have to reside within the application, therefore an attacker who has obtained system-level access to JIRA could still reverse-engineer the implementation and decrypt the password. Therefore you only have "security via obfuscation." Please see this comment on
for more detail. JRA-27457
That said, we do think this is a positive step and want to support you. We hope to implement a solution in the future.
Please vote on JRASERVER-31004: Encrypt Database Password in dbconfig.xml or use integrated authentication to add impact so we can get this implemented into JIRA.
Badges are a great way to show off community activity, whether you’re a newbie or a Champion.Learn more
A picture tells a thousand words. And agility boards have just released their latest feature: cover images on issues – so now your board can tell a story at first glance. Upload attachmen...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs