Jira can be used for storing secure data, too. Though the system’s basic functionalities don’t allow it, with Secure Fields for Jira it’s now perfectly possible to both encrypt the data and audit all access attempts.
The Password Field stores password behind a secure mask (like here: *********) and require re-authentication when a user tries to show, copy or edit the field’s value.
Moreover, every access attempt is recorded and auditable in the field’s history, so you can precisely tell who has (for example) copied the value of the field or tried to unsuccessfully access it.
To increase security, you can set your own Encryption Key and store it outside of your Jira server, so not even system administrator can access it.
Depending on the search setting, the users will either be blocked from searching for passwords or will only know the date of the last modification (e.g. to check which password has expired).
Secure Password Field uses the Advanced Encryption Standard with a 256-bit key.
You can set your own Encryption key to ensure the highest protection and prevent your secure data from being accessed by the system administrator.
If the Encryption key is not specified, the system will use the default one. A default key is strictly connected to your instance, so you can’t restore data encrypted by one instance in another one (it does not impact backups and restores, as instance data for default key are stored in the backup file).
We’ve prepared some additional resources – like a dedicated Landing Page with a Video Guide – in case you’re interested in this feature.