Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

BYOK encryption

Jim Knepley - ReleaseTEAM
Jim Knepley - ReleaseTEAM
Atlassian Partner
October 5, 2023

Based on the recent announcement, I started to dig into the BYOK encryption.

I noticed the IAM role that customers apply to allow access to their KMS keys doesn't include kms:Encrypt or kms:Decrypt operations.

(protip: constrain that policy to only the keys you want to allow Atlassian to access, unlike the "*" it is by default)

Not having the encrypt or decrypt operations suggests to me that Atlassian is importing the key material, keeping a copy for themselves, and periodically checking KMS if the key has been invalidated.

Has anyone played with this enough to understand how it's operating?

Comment
Watch
Like Laurie Sciutti likes this
569 views

1 comment

Comment

Log in or Sign up to comment
Hui Ren
Hui Ren
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 26, 2024

Jim - apologies for the delayed response. As I posted in the recent comment, IAM role in the template essentially allows to create grant operations including encryption and decryption.

To the earlier question where you linked, Atlassian does not and cannot import master key materials from AWS KMS. By AWS design, master keys will never leave KMS, and its key material is never exposed in plaintext.

Like
Reply

Recommended Learning For You

Level up your skills with Atlassian learning

Learning Path

Become an effective Jira admin

Jira Software

Manage global settings and shared configurations called schemes to achieve goals more quickly.

5.9h Advanced
Free

Streamline Jira administration with effective governance

Atlassian logo

Improve how you administer and maintain Jira and minimize clutter for users and administrators.

1.1h Advanced
Free

Learning Path

Become an effective Jira software project admin

Jira Software

Set up software projects and configure tools and agile boards to meet your team's needs.

8.9h Intermediate
Free
groups-icon
Jira Cloud Admins
TAGS
AUG Leaders

Atlassian Community Events

    See all events