Automating API Token Rotation for Atlassian Jira

Ahmed Mohamed November 19, 2024

 

I'm currently exploring best practices for API key management and rotation for our integration with Atlassian Jira. As part of our security measures, we want to rotate API keys programmatically to align with industry standards, which recommend regular key rotation to enhance security.

Current Situation:

  • We are aware of the ability to manually create and manage API tokens through the Atlassian UI.
  • We are looking for ways to automate the key rotation process, ideally via a REST API or any backend solution that supports automated key generation and management.

Key Questions:

  1. Is there an existing REST API or endpoint provided by Atlassian that allows for the creation of API tokens programmatically on behalf of a user?
  2. Are there any recommended practices or third-party tools that integrate with Atlassian to help automate API key rotation while adhering to security best practices?
  3. Has anyone implemented browser automation, or other creative solutions, to manage key rotation, and what were your experiences or challenges?

We currently use secret management tools like HashiCorp Vault and CI/CD workflows for managing credentials, but we want to know if direct API integration with Jira for key rotation is feasible.

For context, this is for a service account.

Any insights, advice, or pointers to relevant documentation would be greatly appreciated. Thank you for your time and assistance!

3 answers

3 votes
Mikael Sandberg
Community Leader
November 19, 2024

Hi @Ahmed Mohamed,

Welcome to Atlassian Community!

The short answer is no, currently there is no REST API that would allow you to modify an automation. There is a suggestion, AUTO-51, that you can vote on and follow.  

Ahmed Mohamed November 19, 2024

Is there a way around it, i.e. a POST request to create/delete an API token for a service account?
There is this question answered but no reply in regards to where to find the REST API endpoint:
https://community.atlassian.com/t5/Jira-questions/Create-API-Token-using-rest-API/qaq-p/1272508

Mikael Sandberg
Community Leader
November 19, 2024

As @Marc - Devoteam mentioned below you can create/delete API tokens, but that does not help you with changing the tokens in your automations...

Ahmed Mohamed November 19, 2024

Could you provide a link to the documentation around creating/deleting API tokens?

Ahmed Mohamed November 19, 2024

Ahh sorry, just saw the message below, thanks!

0 votes
Michael February 13, 2025

I don't know about the cloud instances. But recently I had the same demand for our dev service stack (on-prem). I didn't find a ready-to-use solution so I built my own in Python. With this program it's possible for us to rotate the personal access tokens of all system users of Artifactory, Bamboo, Bitbucket, Confluence, Jira and SonarQube via their REST APIs.

At first all tokens are checked for validity. For each token which is or will shortly be invalid a new token is generated and automatically added to our Bamboo projects (this is our main use case). If all tokens were successfully created and set, the old tokens will be deleted.

All the APIs are a little different. But it may be easy to implement a small rotator for your use case calling the needed endpoints and saving the token to your vault.

Here are all the API docs:
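
The rotation order described in the answer above (check expiry, create and store the new tokens, delete the old ones only if every step succeeded), as an added example that is not part of the original post and is not Michael's program. `FakeBackend`, `rotate` and the `vault` dict are hypothetical stand-ins for a product's token REST API and a secret store; the token data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
import secrets

@dataclass
class Token:
    token_id: str
    account: str
    expires_at: datetime

class FakeBackend:
    """In-memory stand-in for one product's token REST API (hypothetical)."""
    def __init__(self, tokens, fail_for=()):
        self.tokens = {t.token_id: t for t in tokens}
        self.fail_for = set(fail_for)  # accounts whose create call fails

    def list_tokens(self):
        return list(self.tokens.values())

    def create_token(self, account, now, lifetime):
        if account in self.fail_for:
            raise RuntimeError(f"create failed for {account}")
        tok = Token(secrets.token_hex(4), account, now + lifetime)
        self.tokens[tok.token_id] = tok
        return tok, secrets.token_urlsafe(32)  # metadata + secret value

    def delete_token(self, token_id):
        del self.tokens[token_id]

def rotate(backend, vault, now, renew_within=timedelta(days=7),
           lifetime=timedelta(days=90)):
    """Create-before-delete rotation; returns ids of the deleted old tokens."""
    due = [t for t in backend.list_tokens() if t.expires_at - now <= renew_within]
    try:
        for old in due:
            _, secret = backend.create_token(old.account, now, lifetime)
            vault[old.account] = secret  # consumers read the secret from here
    except Exception:
        return []  # any failure: every old token stays valid, nothing deleted
    for old in due:
        backend.delete_token(old.token_id)
    return [t.token_id for t in due]

if __name__ == "__main__":
    now = datetime(2025, 2, 13)  # constructed sample data
    backend = FakeBackend([Token("old-jira", "svc-jira", now + timedelta(days=2)),
                           Token("ok-bamboo", "svc-bamboo", now + timedelta(days=60))])
    print(rotate(backend, {}, now))
```

A failed run leaves any new tokens it already created in place alongside the old ones, so the next run should also clean up those extras.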

0 votes
Marc - Devoteam
Rising Star
November 19, 2024

Hi @Ahmed Mohamed 

@Mikael Sandberg is correct

There are only options to get or delete a token via the API, no create option.

See, api-group-api-tokens 

Other options are on the API token API, see https://developer.atlassian.com/cloud/admin/api-access/rest/intro/#about , but also no create options

DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM