Jdbc password encryption - SonarQube server won't start

shiva_sq · June 28, 2022, 3:05pm

Must-share information (formatted with Markdown):

which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
what are you trying to achieve
what have you tried so far to achieve this

I am using SonarQube Community Edition 9.3
I am trying to encrypt jdbc password
i am able to generate Secret Key and paste it in the sonar-secret.txt. and update the secretKeyPath in sonar/conf/sonar.properties file.
But when i restart the server it won’t start.

But what i found it different from official sonar documentation is (Security | SonarQube Docs)

I am not sure why is this different from actual UI.
and i am also confused about the command given in the documentation

sonar.jdbc.password={aes-gcm}CCGCFg4Xpm6r+PiJb1Swfg==  # Encrypted DB password

does it mean that we also need to paste the secret key in properties file along with the sonar-secret.txt ???

Can anyone please clarify these things and solve my issue to successfully encrypt jdbc password.

Thanks in advance

ganncamp · June 28, 2022, 5:45pm

Hi,

When I follow the directions, what you’re showing from the documentation is exactly what I see:

…but only after restart. Did you restart your server?

shiva:

and i am also confused about the command given in the documentation
sonar.jdbc.password={aes-gcm}CCGCFg4Xpm6r+PiJb1Swfg==  # Encrypted DB password
does it mean that we also need to paste the secret key in properties file along with the sonar-secret.txt ???

No.

The sonar.jdbc.password is a value that’s set in sonar.properties. So instead of using the plaintext password value there in that file, you would use the encrypted version instead.

HTH,
Ann

shiva_sq · June 28, 2022, 5:49pm

Hi Ann,

Thank you for your reply.
Yes I did restart the server. but not after pasting secret key and mentioning the path in the properties file, I am unable to restart.

And i can’t see the screenshot on my SQ server UI - I mean the encryption page.

this page i m unable to find

shiva_sq · June 28, 2022, 6:02pm

Hi Ann,

Actually Now i found where it went wrong. Now I am able to see that same page which you can see.
Now,
Do we need to restart the server after modifying clear text password with encrypted value?

Please let me know

ganncamp · June 28, 2022, 6:03pm

Hi,

Your changes to sonar.properties won’t kick in until after a restart.

Ann

system · July 5, 2022, 6:03pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.