Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Update: Customer-managed keys is now available as an add-on!

Hui Ren
Hui Ren
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 8, 2025

New update - May 15, 2025

 

Hi everyone,

We launched the Customer-managed keys (CMK) beta program in May in response to your need for advanced encryption controls, especially our Data Center customers who wanted to move to Atlassian Cloud but needed greater control over and visibility into the encryption of their Atlassian cloud data. Through the beta program, we partnered with some of you to understand your encryption needs and to build a solution that would help you meet your organization’s security and regulatory requirements and unlock your journey to the cloud.

I’m excited to share that CMK has moved out of beta and is now available to purchase as an add-on for your Atlassian organization, that may be enabled on apps such as Confluence, Jira, and Jira Service Management (more details). Please note that it is being incrementally rolled out and can only be enabled on new cloud sites for Cloud Enterprise customers at this time. We are working on bringing CMK to existing cloud sites, and you can follow our progress here.

As a reminder, CMK offers the ability to:

  • Lock down your data with KMS key policies to restrict access to your cloud data across the Atlassian Cloud Platform

  • Track and act on encryption events for compliance and incident response

  • Fortify your defenses with added controls such as authentication validation and network traffic security controls.

Alert What does this mean for you?

  • Current beta program participants will continue to have access to CMK until the end of their current contract. I’ll contact you to discuss the next steps.

  • Any customer can purchase CMK as an add-on to a Cloud Enterprise plan, provided they are enabling it on a new cloud site.

Learn more on our website and follow the cloud roadmap to stay updated on our future plans for CMK.

📣 We’d love to hear your feedback

If you have questions, suggestions, or comments, please let us know in the comments below.

Thanks again for your ongoing support.

Cheers,

Hui

 

 

Community post - published May 15, 2025  

Hi everyone,

I’m excited to announce that Customer-managed keys, our newest encryption capability, is now available in open beta! With Customer-managed keys, you can secure your Atlassian data with KMS keys that you manage, for greater control and visibility over your organization’s data.

Eligible customers can join the open beta by following the steps outlined here. Our Support team will then contact you to begin the onboarding process, where we will enroll your AWS KMS Keys into your Atlassian organization's Customer-managed key encryption policy.

Check out page for more information and our to learn how to setup Customer-managed keys and more.

📣 We’d love to hear your feedback

If you have questions, suggestions, or comments, please let us know in the comments below.

Cheers,

Hui

 

Community post - published Apr 8, 2025

 

Hello Atlassian Community!

My name is Hui (pronounced “Hway”), and I am a product manager responsible for encryption here at Atlassian.

We launched Bring-your-own-key (BYOK) encryption in 2023/2024 as an initial step to help you move to the cloud while retaining control over your product data. BYOK provided critical encryption key management capabilities; however, we know some of you have even more stringent requirements.

At Team ‘25 Anaheim, we announced that Customer-managed keys, our newest encryption capability, will be in open beta starting Q2 2025. Built upon BYOK encryption, Customer-managed keys inherits the same product data coverage and reflects the least-privilege cybersecurity principle as you’ll no longer need to grant Atlassian administrative IAM role access to your AWS Key Management System (KMS).

With Customer-managed keys, you’ll get:

  • Added cryptographic separation for product data: This provides you with additional data isolation from other cloud tenants through the use of a distinct set of encryption keys that you manage.

  • Full control over the lifecycle of keys: Hosting your own encryption keys allows you to independently manage and control your keys at all times.

  • Increased control over access: Revoking access to the keys suspends access to all your products at any time so you can mitigate the risk of unauthorized access.

  • Visibility into encryption activity: Controlling your own keys allows you to monitor encryption key access activity, validating proper usage and access.

Who is eligible to join the open beta?

  • Cloud Enterprise customers or those trialing Cloud Enterprise

  • Only new cloud product sites will be supported

How do I sign up for open beta?

We’ll update this post when the open beta launches and share instructions on how to join, so please ‘watch’ this page. In the meantime, check out our Customer-managed keys whitepaper to learn more about encryption at Atlassian, and follow the Atlassian cloud roadmap to stay up-to-date.

We’re always looking to hear from you, so please share any questions or comments below.

Cheers,

Hui

Comment
Watch
Like # people like this
1748 views

1 comment

Comment

Log in or Sign up to comment
Edgar Koenig - SVA
Edgar Koenig - SVA
Contributor
April 9, 2025

Hi Hui Ren,

first of all, this is wonderful news. Atlassian being able to access the KMS as an admin was a reason for many customers not to use BYOK. It's great that this point has been addressed.

I have a question about the connection of customer keys and backups. As far as I know, Atlassian does not support backups of products that use BYOK. That won't be any different for customer keys, will it?

I ask because this is a major issue. All our customers need a cloud backup and at least the theoretical possibility to restore their data in case of a disaster. The decision should not be BYOK or backup, but both should be possible together.

Like
Hui Ren
Hui Ren
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 9, 2025

Hi Edgar,

Thanks for your feedback, and I am in total agreement that cloud backup is an essential capability.

Atlassian cloud has a built-in process for disaster recovery, which go across customers at the entire cloud level. Read more.

At each customer level, including BYOK and CMK customers, Backup Manager is still in place for use. And a sneak peak for an exciting next deliverable in CMK, BRIE (backup-restore-import-export), the next generation of Backup Manager, will become supported for CMK-enabled cloud instances.

Please keep an eye on our public roadmap. Cheers,

Hui

Like
Reply
groups-icon
Trust & Security
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security