Learn about security solutions and standards
Care about security? We do too. Learn what Atlassian does and what you can do too.
BYOK limitations
The BYOK encryption feature is available through an early access program (EAP) to a number of customers with Enterprise plans for Jira Software. For any issues, contact support.
Data residency
All customer-managed keys must live within the same data residency location. Currently, we are only supporting BYOK encryption in Europe and USA locations. Once you've provisioned BYOK encryption, you can't migrate the data between locations. Learn about data residency
Number of BYOK configurations
Currently you can create only one BYOK encryption (configuration) per organization.
New product instance required
Currently you can't add BYOK to an existing product instance. Once you’ve set up your AWS account and created IAM roles, you need to contact us so we can create the BYOK-enabled product instance for you.
Attachments dual writes
For the first couple of months after the EAP rollout, attachments with be encrypted by both customer-managed keys and Atlassian keys, as we’re in the process of migrating attachments to new data store encrypted with customer keys. After this transition period Jira attachments will be stored at rest encrypted only with customer-managed keys.
Cloud to Data Center or Server
Cloud to Data Center or to server export is not supported for BYOK EAP.
Atlassian Analytics
Atlassian Analytics does not have data from BYOK-enabled product instances.
Sprint burndown insight
For the first couple of months after EAP rollout, sprint burndown insight is not available for BYOK via the right navigation menu on the Jira issue view. The functionality of the sprint burndown chart is still accessible from the reports menu, but the performance isn’t as good as the insight chart. Learn more about Sprint burnout insight
Audit logs
We don’t offer BYOK encryption for the audit logs.
Jira product family
Enabling BYOK encryption for a Jira product, e.g. Jira Software, will also encrypt common aspects of other Jira products on the same site, e.g. Jira Service Management.
The encryption of common Jira elements does not ensure comprehensive encryption of the collateral product unless explicitly stated.
Partial encryption of Jira Products limits future encryption (including when the level of support is expanded within products) until re-encyrption capabilities are supported.
Learn about the Jira family of products
Was this helpful?