Secure Fields for JIRA
Page tree

Versions Compared

Old Version 36

changes.mady.by.user Inga

Saved on

compared with

New Version 37

changes.mady.by.user Unknown User (krzysztof.daukszewicz@infodesign.pl)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

When storing sensitive data such as passwords or license keys, the main concern is to ensure its proper protection.
Secure Password Custom Field enables you to store private information behind a secure mask and prevent unauthorized access to it.

Table of Contents
stylesquare
separatorpipe

Secure Password Configuration

Secure Password Field uses the Advanced Encryption Standard with a 256-bit key.
You can set your own Encryption key to ensure the highest protection and prevent your secure data from being accessed by the system administrator.
If the Encryption key is not specified, the system will use the default one. A default key is strictly connected to your instance, so you can’t restore data encrypted by one instance in another one (it does not impact backups and restores, as instance data for default key are stored in the backup file).

Warning

Important: Customization must be done before any issue with the Password field is created.

You can add one Encryption key for all Password fields or set specific keys for each one.
To set custom key(s) you need to add a special property to the properties file called jira-config.properties. More about using properties you can read here.

Adding property for all Password fields:
com.coresoftlabs.secureFields.global.password.secret
com.coresoftlabs.secureFields.global.password.secretFilePath

Adding property for a specific Password field:
com.coresoftlabs.secureFields.{FIELD_ID}.password.secret
com.coresoftlabs.secureFields.{FIELD_ID}.password.secretFilePath
Example: com.coresoftlabs.secureFields.customfield_10201.password.secretFilePath=/var/atlassian/application-data/encryption-keys/myfile.txt

Please note: Properties can be mixed, they are loaded in the following order:

  1. com.coresoftlabs.secureFields{FIELD_ID}.password.secretFilePath

  2. com.coresoftlabs.secureFields.{FIELD_ID}.password.secret

  3. com.coresoftlabs.secureFields.global.password.secretFilePath

  4. com.coresoftlabs.secureFields.global.password.secret

The plugin uses the first property found on the list. If none is found - it will use the default one.

Important: once the property is set (default or custom one) it cannot be modified as its change will deny the possibility to decrypt previously added field values.

View your Password fields settings:
Manage apps → Secure fields → Secure Password Settings

Table of Contentsstylesquareseparatorpipe

Extra authentication

Tip

Protect the sensitive information that you keep by enforcing extra authentication every time the user is trying to access it.

Issues → Fields → Custom fields → Edit Password field authentication configuration

Image Modified

Extra authentication enabled - a user will be prompted to authorize before accessing the Secure Password Field. If authorization fails, none of the options (show/edit/copy the value) are available. A user will get an error message.

Permissions

Tip

Define who can access the field, decrypt, change or copy its value.

Issues → Fields → Custom fields permission schemes

Expand
titleRead more about View field permission

Users with only View field permission can see the Password field on issue screen.  
The value of the field is shown encrypted and cannot be unmasked or edited by the current user.

Expand
titleRead more about Edit field value permission

If a user with Edit field value permission clicks on (blue star), the Overwrite value button appears. It enables the user to enter new data into the Password field.
The current value will be not shown as the user does not have permission to decrypt the field.

Expand
titleRead more about Decrypt field value permission

After clicking on (blue star)and successful authorization (if Extra authentication enabled), users with Decrypt field value permission get the next options:

  • Show value - data will be decrypted and the field value is shown:

  • Edit value - data will be decrypted and the field value is available for editing:

  • Copy to clipboard - allows the user to copy the field value to the clipboard.

History

Tip

Know if and when someone accessed sensitive data.

Every attempt to decrypt, edit, or copy the value of the Password field is recorded in the field's history. Furthermore, unsuccessful attempts are stored as well. In order to view the history of the field, a user needs to have the respective permission - View field history.

Depending on the Search mode you set, Password Field searching will be limited or disabled.

Performance mode - a user is only able to check the field's last modification date.

Strict mode - Secure Password Field is not searchable.