When storing sensitive data such as passwords or license keys, the main concern is to ensure its proper protection.
Secure Password Custom Field enables you to store private information behind a secure mask and prevent unauthorized access to it.
Secure Password Configuration
Secure Password Field uses the Advanced Encryption Standard with a 256-bit key.
You can set your own Encryption key to ensure the highest protection and prevent your secure data from being accessed by the system administrator.
If the Encryption key is not specified, the system will use the default one (will be generated from your Jira instance server key).
You can add one Encryption key for all Password fields or set specific keys for each one.
To set custom key you need to add a special property to the properties file.
Adding property for all Password fields:
com.coresoftlabs.secureFields.global.password.secret
com.coresoftlabs.secureFields.global.password.secretFilePath
Adding property for a specific Password field:
com.coresoftlabs.secureFields.{FIELD_ID}.password.secret
com.coresoftlabs.secureFields.{FIELD_ID}.password.secretFilePath
Example: com.coresoftlabs.secureFields.customfield_10201.password.secretFilePath=c:/test.txt
Manage apps → Secure fields → Secure Password Settings
Table of Contents | ||||
---|---|---|---|---|
|
Extra authentication
Tip |
---|
Protect the sensitive information that you keep by enforcing extra authentication every time the user is trying to access it. |
Issues → Fields → Custom fields → Edit Password field authentication configuration
Extra authentication enabled - a user will be prompted to authorize before accessing the Secure Password Field. If authorization fails, none of the options (show/edit/copy the value) are available. A user will get an error message.
Permissions
Tip |
---|
Define who can access the field, decrypt, change or copy its value. |
Issues → Fields → Custom fields permission schemes
Expand | ||
---|---|---|
| ||
Users with only View field permission can see the Password field on issue screen. |
Expand | ||
---|---|---|
| ||
If a user with Edit field value permission clicks on , the Overwrite value button appears. It enables the user to enter new data into the Password field. |
Expand | ||
---|---|---|
| ||
After clicking on and successful authorization (if Extra authentication enabled), users with Decrypt field value permission get the next options:
|