Hi,
In jira-server plugin, what is the correct way to store secrets in the database?
In Jira-cloud side, I could see below methods which can be used to achieve this.
export interface ForgeStorageAPI extends StorageAPI {
getSecret: (key: string) => Promise<any>;
setSecret: (key: string, value: any) => Promise<void>;
deleteSecret: (key: string) => Promise<void>;
}
Is there any similar apis available for jira-server-app as well?
There is no similar API available in Jira server, but you can store any information in the Jira server database by using Active Objects.
But how would you save a secret using Active Objects so that it is not human readable?
You can’t
You can encrypt data that you store in the database, but the encryption key has to come from somewhere. This is either hard coded in your code (which can be retreived by reverse engineering) or stored in the Jira database or the file system, which will probably also be available to the attacker if they have access to the database.