diff --git a/core/src/test/groovy/jenkins/security/DefaultConfidentialStoreTest.groovy b/core/src/test/groovy/jenkins/security/DefaultConfidentialStoreTest.groovy
deleted file mode 100644
index 83cdaf218cb348d23c0ed20d3e1709b87545d94e..0000000000000000000000000000000000000000
--- a/core/src/test/groovy/jenkins/security/DefaultConfidentialStoreTest.groovy
+++ /dev/null
@@ -1,54 +0,0 @@
-package jenkins.security
-
-import hudson.FilePath
-import hudson.Functions
-import hudson.Util
-import org.junit.After
-import org.junit.Before
-import org.junit.Test
-
-/**
- * @author Kohsuke Kawaguchi
- */
-public class DefaultConfidentialStoreTest {
-
-    def tmp;
-
-    @Before
-    void setup() {
-        tmp = Util.createTempDir()
-    }
-
-    @After
-    void tearDown() {
-        Util.deleteRecursive(tmp)
-    }
-
-    @Test
-    void roundtrip() {
-        tmp.deleteDir()   // let ConfidentialStore create a directory
-
-        def store = new DefaultConfidentialStore(tmp);
-        def key = new ConfidentialKey("test") {};
-
-        // basic roundtrip
-        def str = "Hello world!"
-        store.store(key, str.bytes)
-        assert new String(store.load(key))==str
-
-        // data storage should have some stuff
-        assert new File(tmp,"test").exists()
-        assert new File(tmp,"master.key").exists()
-
-        assert !new File(tmp,"test").text.contains("Hello") // the data shouldn't be a plain text, obviously
-
-        if (!Functions.isWindows())
-            assert (new FilePath(tmp).mode()&0777) == 0700 // should be read only
-
-        // if the master key changes, we should gracefully fail to load the store
-        new File(tmp,"master.key").delete()
-        def store2 = new DefaultConfidentialStore(tmp)
-        assert new File(tmp,"master.key").exists()  // we should have a new key now
-        assert store2.load(key)==null;
-    }
-}
diff --git a/core/src/test/java/jenkins/security/DefaultConfidentialStoreTest.java b/core/src/test/java/jenkins/security/DefaultConfidentialStoreTest.java
new file mode 100644
index 0000000000000000000000000000000000000000..539b72ddc45aab4858071f892ec4cc0739552319
--- /dev/null
+++ b/core/src/test/java/jenkins/security/DefaultConfidentialStoreTest.java
@@ -0,0 +1,47 @@
+package jenkins.security;
+
+import hudson.FilePath;
+import hudson.Functions;
+import java.io.File;
+import org.apache.commons.io.FileUtils;
+import static org.hamcrest.CoreMatchers.*;
+import static org.junit.Assert.*;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
+
+public class DefaultConfidentialStoreTest {
+
+    @Rule
+    public TemporaryFolder tmpRule = new TemporaryFolder();
+
+    @Test
+    public void roundtrip() throws Exception {
+        File tmp = new File(tmpRule.getRoot(), "tmp"); // let ConfidentialStore create a directory
+
+        DefaultConfidentialStore store = new DefaultConfidentialStore(tmp);
+        ConfidentialKey key = new ConfidentialKey("test") {};
+
+        // basic roundtrip
+        String str = "Hello world!";
+        store.store(key, str.getBytes());
+        assertEquals(str, new String(store.load(key)));
+
+        // data storage should have some stuff
+        assertTrue(new File(tmp, "test").exists());
+        assertTrue(new File(tmp, "master.key").exists());
+
+        assertThat(FileUtils.readFileToString(new File(tmp, "test")), not(containsString("Hello"))); // the data shouldn't be a plain text, obviously
+
+        if (!Functions.isWindows()) {
+            assertEquals(0700, new FilePath(tmp).mode() & 0777); // should be read only
+        }
+
+        // if the master key changes, we should gracefully fail to load the store
+        new File(tmp, "master.key").delete();
+        DefaultConfidentialStore store2 = new DefaultConfidentialStore(tmp);
+        assertTrue(new File(tmp, "master.key").exists()); // we should have a new key now
+        assertNull(store2.load(key));
+    }
+
+}