Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Looking for a Secure Masked custom field that is auditable for anyone who views the contents

Jason Michaud
Jason Michaud
Contributor
December 16, 2025

We are a healthcare organization who tracks PHI in our Jira Issues - but needs to hide it from Jira Agents unless they need to view the information to do their work.

We are looking for a solution that does two things:

  1. Password protects and masks a custom field that contains secure data such as PHI.
  2. Password protects and hides specific attachments/files that have been selected to contain PHI. It's not for all attachments - just ones the uploader chooses.

We have looked at Secure Fields add-on - but that is limited to just the assignee of the ticket. We want anyone who views the ticket to have access to unmask secure fields or view locked attachments. But it has to be password protected or auditable.

Answer
Watch
Like Be the first to like this
63 views

2 answers

1 vote
Hari Krishna
Hari Krishna
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
Get recognized
December 16, 2025

Hi @Jason Michaud ,

Jira cannot password-protect or selectively lock individual fields or attachments with audit logging for all viewers. Apps like Secure Fields are limited (for example, assignee-only access), and attachment-level password protection is not supported out of the box.

What teams usually do:

Use a marketplace app that supports masking and audit logs, or

Don’t store PHI in Jira at all — store it in a secure external system and keep only a reference/link in Jira.

So yes, your requirement is valid, but it needs an app or an external secure system, not Jira alone.

Reply
0 votes
Jakub Kochańczyk
Jakub Kochańczyk
Contributor
December 17, 2025

Hi @Jason Michaud 

 

my name is Jakub Kochańczyk and I am Product Owner of the Secure Fields for Jira.
you can configure configure access rules Secure Fields to no only on assignee but on multiple criterias - as descirbed here: https://wiki.almarise.com/spaces/SF/pages/70517453/Managing+and+Assigning+permissions

With Secure Password Field Type you get all your requirements covered:

- data encryption in DB - with encryption key customization

- masking of values in user interface

- audit log of acccess - (succsessfull and not)

- access to data after re-authorization.

 

 

 

 

We can schedul a quick call. Please drop us a demo request
https://jira.almarise.com/servicedesk/customer/portal/8 

Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Management
Jira Service Management
DEPLOYMENT TYPE
SERVER
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security