• Products
  • Documentation
  • Resources

BYOK limitations

The BYOK encryption feature is available through an early access program (EAP) to a number of customers with Enterprise plans for Jira Software. For any issues, contact support.

Data residency

All customer-managed keys must live within the same data residency location. Currently, we are only supporting BYOK encryption in Europe and USA locations. Once you've provisioned BYOK encryption, you can't migrate the data between locations. Learn about data residency

Number of BYOK configurations

Currently you can create only one BYOK encryption (configuration) per organization.

New product instance required

Currently you can't add BYOK to an existing product instance. Once you’ve set up your AWS account and created IAM roles, you need to contact us so we can create the BYOK-enabled product instance for you.

Attachments dual writes

For the first couple of months after the EAP rollout, attachments with be encrypted by both customer-managed keys and Atlassian keys, as we’re in the process of migrating attachments to new data store encrypted with customer keys. After this transition period Jira attachments will be stored at rest encrypted only with customer-managed keys.

Cloud to Data Center or Server

Cloud to Data Center or to server export is not supported for BYOK EAP.

Atlassian Analytics

Atlassian Analytics does not have data from BYOK-enabled product instances.

Sprint burndown insight

For the first couple of months after EAP rollout, sprint burndown insight is not available for BYOK via the right navigation menu on the Jira issue view. The functionality of the sprint burndown chart is still accessible from the reports menu, but the performance isn’t as good as the insight chart. Learn more about Sprint burnout insight

Audit logs

We don’t offer BYOK encryption for the audit logs.

Jira product family

Enabling BYOK encryption for a Jira product, e.g. Jira Software, will also encrypt common aspects of other Jira products on the same site, e.g. Jira Service Management.

The encryption of common Jira elements does not ensure comprehensive encryption of the collateral product unless explicitly stated.

Partial encryption of Jira Products limits future encryption (including when the level of support is expanded within products) until re-encyrption capabilities are supported.

Learn about the Jira family of products


Additional Help