Where to find the database password in Confluence
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Learn the location of the database password in Confluence Data Center.
Solution
Database connected via JDBC URL
If your Confluence instance connects directly via JDBC, then your password will be stored inside the <CONFLUENCE_HOME>/confluence.cfg.xml file.
<property name="hibernate.connection.driver_class">com.mysql.jdbc.Driver</property>
<property name="hibernate.connection.password">confluencepass</property>
<property name="hibernate.connection.url">jdbc:mysql://localhost/confluence?autoReconnect=true</property>
<property name="hibernate.connection.username">confluencedbuser</property>
<property name="hibernate.database.lower_non_ascii_supported">true</property>
<property name="hibernate.dialect">com.atlassian.hibernate.dialect.MySQLDialect</property>Change the "hibernate.connection.password" property to the correct value (in the example above, replace "confluencepass" with the new password).
Encrypted Database Password
Starting from Confluence 9.1, database passwords are encrypted by default using 256-bit AES keys. To identify if your database password has been encrypted by Confluence, look for the line below in confluence.cfg.xml:
<property name="hibernate.connection.password">{ATL_SECURED}</property>In the event that there is a need to update the database password, you can replace "{ATL_SECURED}" above with the new password. Confluence will re-encrypt the new plain text password in the property above on the next startup.
The encrypted database password config and files are stored in the location below:
<Confluence_Shared_Home>/secrets-config.yaml
<Confluence_Shared_Home>/keys/
<Confluence_Shared_Home>/secured/Database connected via JNDI datasource
If your Confluence instance connects via JNDI datasource, then you'll see in the confluence.cfg.xml file something like the following:
<property name="hibernate.setup">true</property>
<property name="hibernate.dialect">com.atlassian.hibernate.dialect.MySQLDialect</property>
<property name="hibernate.connection.datasource">java:comp/env/jdbc/confluence</property>That is, the property "hibernate.connection.datasource" is defined. If so, your password is defined within your datasource. Each application server stores its information differently, but with Tomcat, check your <CONFLUENCE_INSTALL>/conf/server.xml file for the following:
<Resource name="jdbc/confluence" auth="Container" type="javax.sql.DataSource"
username="<database-user>"
password="<password>"
driverClassName="com.mysql.jdbc.Driver"
url="jdbc:mysql://<host>:3306/<database-name>?useUnicode=true&characterEncoding=utf8"
maxTotal="60"
maxIdle="20"
defaultTransactionIsolation="READ_COMMITTED"
validationQuery="Select 1”/> Change the value for the "password" attribute to the new desired value.
Please note that any changes made to the confluence.cfg.xml or server.xml file will require a restart of Confluence to take effect.
Was this helpful?