I'm currently exploring best practices for API key management and rotation for our integration with Atlassian Jira. As part of our security measures, we want to rotate API keys programmatically to align with industry standards, which recommend regular key rotation to enhance security.
We currently use secret management tools like HashiCorp Vault and CI/CD workflows for managing credentials, but we want to know if direct API integration with Jira for key rotation is feasible.
For context, this is for a service account.
Any insights, advice, or pointers to relevant documentation would be greatly appreciated. Thank you for your time and assistance!
Hi @Ahmed Mohamed,
Welcome to Atlassian Community!
The short answer is no, currently there is no REST API that would allow you to modify an automation. There is a suggestion, AUTO-51, that you can vote on and follow.
Is there a way around it, i.e. a POST request to create/delete an API token for a service account?
There is this question answered but no reply in regards to where to find the REST API endpoint
https://community.atlassian.com/t5/Jira-questions/Create-API-Token-using-rest-API/qaq-p/1272508
As @Marc - Devoteam mentioned below you can create/delete API tokens, but that does not help you with changing the tokens in your automations...
Could you provide a link to the documentation around creating/deleting API tokens?
I don't know about the cloud instances. But recently I had the same demand for our dev service stack (on-prem). I didn't find a ready-to-use solution, so I built my own in Python. With this program it's possible for us to rotate the personal access tokens of all system users of Artifactory, Bamboo, Bitbucket, Confluence, Jira and SonarQube via their REST APIs.
At first all tokens are checked for validity. For each token which is or will shortly be invalid a new token is generated and automatically added to our Bamboo projects (this is our main use case). If all tokens were successfully created and set, the old tokens will be deleted.
All the APIs are a little different. But it may be easy to implement a small rotator for your use case calling the needed endpoints and saving the token to your vault.
Here are all the API docs:
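The rotation order described in the post above (check validity, create replacements, store them, delete the old tokens only if everything succeeded), as an added example that is not the poster's program and not Atlassian code. `FakeBackend`, `rotate`, the `store` dict and the sample tokens are hypothetical, constructed stand-ins for a service's token REST API and a vault write.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import secrets

@dataclass
class Token:
    id: str
    user: str
    expires: datetime

class FakeBackend:
    """Hypothetical in-memory stand-in for one service's token REST API."""
    def __init__(self, tokens, fail_create_for=()):
        self.tokens = {t.id: t for t in tokens}
        self.fail_create_for = set(fail_create_for)
    def list_tokens(self):
        return list(self.tokens.values())
    def create_token(self, user, expires):
        if user in self.fail_create_for:
            raise RuntimeError("token creation rejected")
        token = Token(secrets.token_hex(8), user, expires)
        self.tokens[token.id] = token
        return token, secrets.token_urlsafe(32)  # secret value is returned only once
    def delete_token(self, token_id):
        del self.tokens[token_id]

def rotate(backend, store, now, renew_within=timedelta(days=7), ttl=timedelta(days=90)):
    """Replace expired or soon-to-expire tokens; delete old ones only if every step succeeded."""
    due = [t for t in backend.list_tokens() if t.expires - now <= renew_within]
    replaced, failed = [], []
    for old in due:
        try:
            _, secret = backend.create_token(old.user, now + ttl)
            store[old.user] = secret  # stand-in for the vault / CI variable write
            replaced.append(old.user)
        except Exception as exc:
            failed.append((old.user, str(exc)))
    if failed:  # keep every old token in place so a partial run revokes nothing
        return {"replaced": replaced, "deleted": [], "failed": failed}
    for old in due:
        backend.delete_token(old.id)
    return {"replaced": replaced, "deleted": [t.id for t in due], "failed": []}

NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # constructed sample data below
def sample_backend(fail_create_for=()):
    return FakeBackend([Token("t1", "jira-svc", NOW + timedelta(days=3)),
                        Token("t2", "bamboo-svc", NOW + timedelta(days=60)),
                        Token("t3", "sonar-svc", NOW - timedelta(days=1))], fail_create_for)

if __name__ == "__main__":
    print(rotate(sample_backend(), {}, NOW))
```

On a partial failure the old and new tokens coexist until the next successful run, so the old token is never revoked before its replacement is in place everywhere.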
@Mikael Sandberg is correct
There are only options to get or delete a token via the API, no create option.
See, api-group-api-tokens
Other options are on the API token API, see https://developer.atlassian.com/cloud/admin/api-access/rest/intro/#about, but also no create options