Secure Password Configuration
Secure Password Field uses the Advanced Encryption Standard with a 256-bit key.
You can set your own Encryption key to ensure the highest protection and prevent your secure data from being accessed by the system administrator.
If the Encryption key is not specified, the system will use the default one. The default key is tied to your instance, so data encrypted by one instance cannot be restored in another one. This does not impact backups and restores, because the instance data for the default key is stored in the backup file.
Important: Customization must be done before any issue with the Password field is created.
You can add one Encryption key for all Password fields or set specific keys for each one.
To set custom key(s), add a special property to the properties file called jira-config.properties. You can read more about using properties here.
Adding property for all Password fields:
com.coresoftlabs.secureFields.global.password.secret
com.coresoftlabs.secureFields.global.password.secretFilePath
Adding property for a specific Password field:
com.coresoftlabs.secureFields.{FIELD_ID}.password.secret
com.coresoftlabs.secureFields.{FIELD_ID}.password.secretFilePath
Example: com.coresoftlabs.secureFields.customfield_10201.password.secretFilePath=/var/atlassian/application-data/encryption-keys/myfile.txt
Please note: properties can be mixed; they are loaded in the following order:
com.coresoftlabs.secureFields.{FIELD_ID}.password.secretFilePath
com.coresoftlabs.secureFields.{FIELD_ID}.password.secret
com.coresoftlabs.secureFields.global.password.secretFilePath
com.coresoftlabs.secureFields.global.password.secret
The plugin uses the first property found on the list. If none is found, it uses the default key.
Important: once the property is set (default or custom), it cannot be modified, because changing it makes previously added field values impossible to decrypt.
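The loading order above, worked through as an added example (not code from the plugin or its vendor). It resolves which property takes effect for a given field and reports where the key material lives. The function names, the simplified properties parser, the sample contents and the file-permission check (POSIX mode bits) are assumptions made for this illustration.

```python
import os
import stat

# Constructed sample file contents (not from a real instance).
SAMPLE = """\
com.coresoftlabs.secureFields.global.password.secret=CONSTRUCTED-GLOBAL-KEY
com.coresoftlabs.secureFields.customfield_10201.password.secretFilePath=/nonexistent/constructed/key.txt
"""

def parse_properties(text):
    """Simplified key=value parser (no line continuations or ':' separators)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def effective_key_source(props, field_id):
    """Return (property, value) chosen by the documented order, or None."""
    base = "com.coresoftlabs.secureFields"
    # Field-specific before global; secretFilePath before secret.
    for scope in (field_id, "global"):
        for suffix in ("secretFilePath", "secret"):
            name = f"{base}.{scope}.password.{suffix}"
            if name in props:
                return name, props[name]
    return None  # the plugin falls back to the default instance key

def audit(props, field_id):
    """Hygiene checks added for this example; not part of the plugin."""
    hit = effective_key_source(props, field_id)
    if hit is None:
        return ["default instance key in use"]
    name, value = hit
    if name.endswith(".secret"):
        return ["key stored inline in jira-config.properties"]
    try:
        mode = os.stat(value).st_mode
    except OSError:
        return ["key file missing or unreadable"]
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        return ["key file readable by group or others"]
    return []
```

Running it against a copy of jira-config.properties before the first Password field issue is created shows which key each field will be bound to, which matters because the key cannot be changed afterwards.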
View your Password fields settings:
Manage apps → Secure fields → Secure Password Settings
Extra Authentication
Issues → Fields → Custom fields → Edit Password field authentication configuration
Extra authentication enabled - a user will be prompted to authorize before accessing the Secure Password Field. If authorization fails, none of the options (show/edit/copy the value) are available. A user will get an error message.
Permissions
Issues → Fields → Custom fields permission schemes
History
Know if and when someone accessed sensitive data.
Every attempt to decrypt, edit, or copy the value of the Password field is recorded in the field's history. Furthermore, unsuccessful attempts are stored as well. In order to view the history of the field, a user needs to have the respective permission - View field history.
Search
Depending on the Search mode you set, Password Field searching will be limited or disabled.
Performance mode - a user is only able to check the field's last modification date.
Strict mode - Secure Password Field is not searchable. Please note that even with strict mode turned on, you can go to the Custom Fields menu, click on “Edit” and set up a searcher to enable search for a specific Password Field.
Java version incompatibility
In older Jira instances, the installed Java version may not be compatible with the Password Field. The problem will be visible in the “Secure Password Settings” tab and on every page featuring a Password Field.
Server Fix
In this situation, you need to:
Turn off your Jira instance.
Download the package from this link: https://www.oracle.com/java/technologies/javase-jce8-downloads.html
Open the package, and then replace the files in the “security” folder of your Jira installation directory with the downloaded ones.
In Windows, the path is usually: C:\Program Files\Atlassian\JIRA\jre\lib\security
In Linux, the path is usually: /var/atlassian/jira/jre/lib/security
Afterward, turn on your Jira instance. Everything should work fine.