You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Join now to unlock these features and more
We are excited to announce that Bring Your Own Keys (BYOK) encryption for Jira Software is now available to all customers with Enterprise plans.
For customers who are required to apply BYOK encryption upon the cloud migration, the Atlassian BYOK encryption program will enable your own key space for encrypting and decrypting data at-rest. This gives you, our valued customers, greater control and therefore greater comfort in meeting your required compliance or security posture.
To get started with Jira Software BYOK encryption, please reach out to your account representative.
Beyond the initial general availability scope, our team is committed to furthering our BYOK journey and providing more data protection values to our customers. We encourage you to share your BYOK security guidelines with us, so we can consider them in our future roadmap.
I’m including a few most frequently asked questions below. To learn more, please check out our documentation on BYOK encryption. If your questions are not covered, please don’t hesitate to comment below.
Most Frequently Asked Questions:
What data is managed with BYOK encryption?
We are committed to continuously expanding the BYOK coverage in relation to data and products. Learn what data is managed with BYOK encryption.
Is there a plan to offer BYOK capability beyond the Cloud Enterprise plan?
At this time BYOK encryption is only offered through the Cloud Enterprise and Cloud Enterprise trial plans due to the complexity of supporting this program. We are researching and exploring the possibilities of extending the offering in the future. You may watch this ticket for future updates: CLOUD-11064
Does Atlassian have the login access to my AWS console that is used to manage keys?
No. Atlassian does not have access to your AWS Console. Our BYOK function relies on the cross-account Identity and Access Management (IAM) with only API-level access into certain Key Management Service (KMS) operations that are granted by your admin. Each and every access initiated by Atlassian is recorded in the CloudTrail that you have access to.
It’s worth noting that with our current key model, the BYOK encryption will request new key creation when needed, in addition to performing encryption and decryption. This is to maintain the same least-privilege principle and data segregation security measures that are implemented in Atlassian systems. We are actively working on shielding our customers from this complexity.
Will non-AWS key stores be supported?
It is included in our future horizon to support customer keys beyond AWS.
Is Confluence EAP still open for signups?
Yes! Please reach out to your account representative to initiate the process.