
best practice for keeping login/password details within issue description/comments

Rafal May 11, 2022

Sometimes you need to use regular issues' fields like description or comments to store the password and any other fragile data. What would be your best choice to do this?

4 comments

Sergei Gridnevskii
Rising Star
May 11, 2022

Well, you can use issue-based security to limit those who can see these issues. But this will require discipline from your side.

I think the best option would be to use external password storage and put the link to the storage in a comment. When anyone clicks on it, he will authenticate himself and will get a password. Something like KeePass.

Like # people like this
Anne Saunders
Rising Star
May 11, 2022

It's not a good practice to include any credentials in plain text anywhere, even with special security settings.

Bitwarden and 1Password also both offer very nice secure sending of creds outside your org.

Like Rafal likes this
Aaron Jestrab May 11, 2022

Agree, you should never store any passwords or sensitive information in an application that is not meant for that purpose and designed to secure it properly. 

Personally, I use LastPass and then notate how the password is stored in the ticket. We do not even transmit that type of information via a ticket, as it is not easily removed or cleaned from the system, the risk is too high for it to be retrieved without authorization, etc.

Like # people like this
W Bot May 11, 2022

Agreed all around. Links to something secure with access control. KeePass and LastPass are great.

As an alternative, a web link to a Box/Dropbox/OneDrive file is dramatically less secure than the above, but at least you would have 2FA and better permissions control. I don't recommend this, but it's still better than plaintext in Jira that you could literally search instance wide in seconds.

Like Anne Saunders likes this
Christophe Noualhat May 11, 2022

don't .... 

Like # people like this
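Added example, not part of any post in this thread: a small audit script that flags credential-like strings in issue descriptions and comments so they can be rotated and moved to a password manager, while treating a link to a vault entry as acceptable. The rules, field layout and sample issues are constructed assumptions, not Jira's API or export format.

```python
import re

# Illustrative rules (assumptions for this example, not an exhaustive set).
# Group 1 of each regex is the secret value, so it can be masked in reports.
RULES = [
    ("labelled-secret", re.compile(
        r"\b(?:pass(?:word|wd)?|pwd|secret|api[_-]?key|token)\s*[:=]\s*(\S+)", re.I)),
    ("url-credentials", re.compile(
        r"\b[a-z][a-z0-9+.-]*://[^\s/:@]+:([^\s/@]+)@", re.I)),
]

def scan_text(text):
    """Return sorted (start, end, rule) spans of credential-like values."""
    hits = []
    for rule, rx in RULES:
        for m in rx.finditer(text):
            # A link to a password-manager entry is a pointer, not a secret.
            if not m.group(1).lower().startswith(("http://", "https://")):
                hits.append((m.start(1), m.end(1), rule))
    return sorted(hits)

def redact(text):
    """Mask each hit so a finding never repeats the secret itself."""
    out, pos = [], 0
    for start, end, _ in scan_text(text):
        if start >= pos:  # skip spans overlapping one already masked
            out += [text[pos:start], "[REDACTED]"]
            pos = end
    return "".join(out + [text[pos:]])

def scan_issues(issues):
    """Return (issue key, field, rule, masked text) for every hit."""
    findings = []
    for issue in issues:
        fields = [("description", issue["description"])]
        fields += [(f"comment[{i}]", c) for i, c in enumerate(issue["comments"])]
        for field, text in fields:
            for _, _, rule in scan_text(text):
                findings.append((issue["key"], field, rule, redact(text)))
    return findings

# Constructed sample data: not real issues, hosts or credentials.
SAMPLE_ISSUES = [
    {"key": "OPS-1",
     "description": "Staging DB login: admin / password: Tr0ub4dor&3 (please rotate)",
     "comments": ["Job uses postgres://svc:hunter2@db.example.invalid:5432/app"]},
    {"key": "OPS-2",
     "description": "Credentials are in the team vault: https://vault.example.invalid/item/42",
     "comments": ["password: https://vault.example.invalid/item/42"]},
]
```

Masking the text in the ticket does not remove the value from issue history or backups, so anything the script finds should be treated as exposed and rotated.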