Hi Tyrone,
Great question, and definitely a critical area when it comes to reviewing integrations like Rovo with your security team.
While Jira does not currently provide a built-in automation connector that detects sensitive or controlled data in custom fields before it's accessed by a Rovo Agent, here are some practical approaches to consider:
Custom Field Governance
Start by auditing all your custom fields to identify any that might contain sensitive information. Consider using a naming convention or internal documentation to track fields that should never be exposed externally.
Filtering via Middleware
Instead of sending Jira data directly to Rovo, route it through a middleware layer, such as an API gateway or serverless function. This layer can inspect and remove sensitive fields before forwarding the data to Rovo.
Custom Apps with Jira Forge or Connect
If your team is open to development, you can create a Jira app using Forge or Connect to monitor or enforce rules about sensitive data in custom fields. These apps can validate field content before it's shared externally.
Field Security Apps
Apps like "Secure Fields" or "Field Security for Jira" allow you to restrict access to specific fields based on roles or groups. This may help limit what data the Rovo Agent can access, depending on how it authenticates.
Coordinate with Rovo
It’s worth checking directly with the Rovo team to see if they offer any options to filter or exclude specific fields during data ingestion. Some integrations support configuration files or denylists to manage data scope.
Let me know if you’d like help exploring any of these solutions further.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.