Set up automatic key rotation
You can regenerate and update security keys of your tunnels by using APIs. We’ve described steps that you need to complete, but you’ll need to decide if you want to do it manually or create a custom script.
This diagram shows an overview of steps you need to complete:
1. Regenerate security key
Before you begin:
Create an API key so you can authenticate API requests.
To get the tunnel hostname needed for your API request, go to Application tunnels, and select Actions > View application link URL next to your tunnel. The hostname is the first part of the URL, for example: http://e5e9e8f0-d429-4cb9-80bc-2f02cb91f587.atlassian.com.
To regenerate the security key using API:
Make the following API request to regenerate the security key. Make sure to update the organization ID and hostname.
1
PUT https://api.atlassian.com/admin/v1/orgs/<orgID>/tunnels/<hostname>/token
Response
1
2
3
4
5
6
7
8
9
HTTP 200
{
"id": "c8bed056-28c1-4884-96a7-cc4012863d74",
"name": "tunnel1",
"token": "O4D4eSRbMvsdpzV0EYi7BsdsLFsuSih4qsMlJgb8hQW8e4uogdsZtw32t4s52QF5AjI-4xMZJhAjO_Fs7W_9rg==",
"status": "CONNECTED",
"onPremiseUrl": "<baseURL>",
"upstreamDnsUrl": "http://c8bed056-28c1-4884-96a7-cc4012863d74.self-hosted.atlassian.com"
}
2. Update security key
Before you begin:
Create a personal access token so you can authenticate API requests. You can also use basic authentication.
To update the security key using API:
Make the following API request to update the security key in your self-managed instance. In payload, include the token from the response you received after regenerating the tunnel key.
1
PUT <baseURL>/rest/secure-tunneling/latest/tunnel/token
Payload
1
2
3
{
"token": "<token_from_response>"
}
Response
1
2
3
4
5
6
7
HTTP 200
{
"name": "tunnel1",
"cloudOrgName": "Cloud Org Name",
"cloudPageUrl", "https://admin.atlassian.com/o/0c632b13-d717-4d1f-b895-208a5599d2f2/tunnels",
"appLinksUrl", "<Atlassian_Cloud_BaseURL>/plugins/servlet/applinks/listApplicationLinks",
}
Was this helpful?