From ed57ca1bc399e34339641178c7df42e1876a8671 Mon Sep 17 00:00:00 2001
From: Yevhen Ivantsov <yivantsov@atlassian.com>
Date: Mon, 7 Aug 2023 08:43:54 +1000
Subject: [PATCH 1/2] Add a condition in dbconfig template to use
 SecretsManager

---
 roles/jira_config/templates/dbconfig.xml.j2 | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/roles/jira_config/templates/dbconfig.xml.j2 b/roles/jira_config/templates/dbconfig.xml.j2
index c2b92c4..4e2bd9c 100644
--- a/roles/jira_config/templates/dbconfig.xml.j2
+++ b/roles/jira_config/templates/dbconfig.xml.j2
@@ -8,7 +8,11 @@
   <jdbc-datasource>
     <url>{{ atl_jdbc_url }}</url>
     <username>{{ atl_jdbc_user }}</username>
+    {% if atl_product_version.split(".")[:2] | join(".") is version('9.11', '>=') and atl_secretsmanager_aws_region is defined and atl_secretsmanager_aws_region != "" and atl_secretsmanager_aws_secret_id is defined and atl_secretsmanager_aws_secret_id != "" -%}
+    <atlassian-password-cipher-provider>com.atlassian.secrets.store.aws.AwsSecretsManagerStore</atlassian-password-cipher-provider>
+    {% else -%}
     <password>{{ atl_jdbc_password | replace("&", "&amp;") }}</password>
+    {% endif -%}
     <driver-class>{{ atl_db_driver }}</driver-class>
     {% if 'postgres' in atl_db_type %}
       <connection-properties>tcpKeepAlive={{ atl_db_keepalive }};socketTimeout={{ atl_db_sockettimeout }}</connection-properties>

From 4dda48b45fa10f4498f635980e2b6dde404b5204 Mon Sep 17 00:00:00 2001
From: Yevhen Ivantsov <yivantsov@atlassian.com>
Date: Mon, 7 Aug 2023 08:46:12 +1000
Subject: [PATCH 2/2] Add password property

---
 roles/jira_config/templates/dbconfig.xml.j2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/jira_config/templates/dbconfig.xml.j2 b/roles/jira_config/templates/dbconfig.xml.j2
index 4e2bd9c..19f72a4 100644
--- a/roles/jira_config/templates/dbconfig.xml.j2
+++ b/roles/jira_config/templates/dbconfig.xml.j2
@@ -10,6 +10,7 @@
     <username>{{ atl_jdbc_user }}</username>
     {% if atl_product_version.split(".")[:2] | join(".") is version('9.11', '>=') and atl_secretsmanager_aws_region is defined and atl_secretsmanager_aws_region != "" and atl_secretsmanager_aws_secret_id is defined and atl_secretsmanager_aws_secret_id != "" -%}
     <atlassian-password-cipher-provider>com.atlassian.secrets.store.aws.AwsSecretsManagerStore</atlassian-password-cipher-provider>
+    <password>{"region": "{{ atl_secretsmanager_aws_region }}", "secretId": "{{ atl_secretsmanager_aws_secret_id }}"}</password>
     {% else -%}
     <password>{{ atl_jdbc_password | replace("&", "&amp;") }}</password>
     {% endif -%}