Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

best practice for keeping login/password details within issue description/comments

Rafal
Rafal May 11, 2022

Sometimes you need to use regular issues' fields like description or comments to store the password and any other fragile data. What would be your best choice to do this?

Comment
Watch
Like # people like this
775 views

4 comments

Comment

Log in or Sign up to comment
Sergei Gridnevskii
Sergei Gridnevskii
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 11, 2022

Well you can use Issue based security to limit those who can see these issues. But this will require discipline from your side.

 

I think best option would be to use external password storage. And put the link to the storage in comment. When anyone clicks on it he will authenticate himself and will get a password.  Something like keepass.

Like # people like this
Reply
Anne Saunders
Anne Saunders
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 11, 2022

It's not a good practice to include any credentials in plain text anywhere, even with special security settings.

BitWarden and 1Password also both offer very nice secure sending of creds outside your org.

Like Rafal likes this
Aaron Jestrab
Aaron Jestrab May 11, 2022

Agree, you should never store any passwords or sensitive information in an application that is not meant for that purpose and designed to secure it properly. 

Personally I use LastPass and then notate how the password is stored in the ticket. We do not even transmit that type of information via a ticket as it is not easily removed or cleaned from the system, risk is too high for it to be retrieved without authorization, etc.

Like # people like this
Reply
W Bot
W Bot May 11, 2022

Agreed all around.  Links to something secure with access control.  KeePass and lastpass are great. 

As an alternative, A web link to a box/dropbox/onedrive file is dramatically less secure than the above, but at least you would have 2FA and better permissions control.  I don't recommend this, but it's still better than plaintext in jira that you could literally search instance wide in seconds.

Like Anne Saunders likes this
Reply
Like # people like this
Reply
groups-icon
Jira Cloud Admins
TAGS
AUG Leaders

Atlassian Community Events

See all events