New update - May 15, 2025
Hi everyone,
We launched the Customer-managed keys (CMK) beta program in May in response to your need for advanced encryption controls, especially our Data Center customers who wanted to move to Atlassian Cloud but needed greater control over and visibility into the encryption of their Atlassian cloud data. Through the beta program, we partnered with some of you to understand your encryption needs and to build a solution that would help you meet your organization’s security and regulatory requirements and unlock your journey to the cloud.
I’m excited to share that CMK has moved out of beta and is now available to purchase as an add-on for your Atlassian organization, that may be enabled on apps such as Confluence, Jira, and Jira Service Management (more details). Please note that it is being incrementally rolled out and can only be enabled on new cloud sites for Cloud Enterprise customers at this time. We are working on bringing CMK to existing cloud sites, and you can follow our progress here.
As a reminder, CMK offers the ability to:
Lock down your data with KMS key policies to restrict access to your cloud data across the Atlassian Cloud Platform
Track and act on encryption events for compliance and incident response
Fortify your defenses with added controls such as authentication validation and network traffic security controls.
What does this mean for you?
Current beta program participants will continue to have access to CMK until the end of their current contract. I’ll contact you to discuss the next steps.
Any customer can purchase CMK as an add-on to a Cloud Enterprise plan, provided they are enabling it on a new cloud site.
Learn more on our website and follow the cloud roadmap to stay updated on our future plans for CMK.
📣 We’d love to hear your feedback
If you have questions, suggestions, or comments, please let us know in the comments below.
Thanks again for your ongoing support.
Cheers,
Hui
Community post - published May 15, 2025
Hi everyone,
I’m excited to announce that Customer-managed keys, our newest encryption capability, is now available in open beta! With Customer-managed keys, you can secure your Atlassian data with KMS keys that you manage, for greater control and visibility over your organization’s data.
Eligible customers can join the open beta by following the steps outlined here. Our Support team will then contact you to begin the onboarding process, where we will enroll your AWS KMS Keys into your Atlassian organization's Customer-managed key encryption policy.
Check out this page for more information and our support documentation to learn how to setup Customer-managed keys and more.
📣 We’d love to hear your feedback
If you have questions, suggestions, or comments, please let us know in the comments below.
Cheers,
Hui
Community post - published Apr 8, 2025
Hello Atlassian Community!
My name is Hui (pronounced “Hway”), and I am a product manager responsible for encryption here at Atlassian.
We launched Bring-your-own-key (BYOK) encryption in 2023/2024 as an initial step to help you move to the cloud while retaining control over your product data. BYOK provided critical encryption key management capabilities; however, we know some of you have even more stringent requirements.
At Team ‘25 Anaheim, we announced that Customer-managed keys, our newest encryption capability, will be in open beta starting Q2 2025. Built upon BYOK encryption, Customer-managed keys inherits the same product data coverage and reflects the least-privilege cybersecurity principle as you’ll no longer need to grant Atlassian administrative IAM role access to your AWS Key Management System (KMS).
With Customer-managed keys, you’ll get:
Added cryptographic separation for product data: This provides you with additional data isolation from other cloud tenants through the use of a distinct set of encryption keys that you manage.
Full control over the lifecycle of keys: Hosting your own encryption keys allows you to independently manage and control your keys at all times.
Increased control over access: Revoking access to the keys suspends access to all your products at any time so you can mitigate the risk of unauthorized access.
Visibility into encryption activity: Controlling your own keys allows you to monitor encryption key access activity, validating proper usage and access.
Who is eligible to join the open beta?
Cloud Enterprise customers or those trialing Cloud Enterprise
Only new cloud product sites will be supported
How do I sign up for open beta?
We’ll update this post when the open beta launches and share instructions on how to join, so please ‘watch’ this page. In the meantime, check out our Customer-managed keys whitepaper to learn more about encryption at Atlassian, and follow the Atlassian cloud roadmap to stay up-to-date.
We’re always looking to hear from you, so please share any questions or comments below.
Cheers,
Hui
Hi Edgar,
Thanks for your feedback, and I am in total agreement that cloud backup is an essential capability.
Atlassian cloud has a built-in process for disaster recovery, which go across customers at the entire cloud level. Read more.
At each customer level, including BYOK and CMK customers, Backup Manager is still in place for use. And a sneak peak for an exciting next deliverable in CMK, BRIE (backup-restore-import-export), the next generation of Backup Manager, will become supported for CMK-enabled cloud instances.
Please keep an eye on our public roadmap. Cheers,
Hui