• Documentation

Request BYOK re-encryption

BYOK encryption for Jira, Jira Service Management, and Confluence is available to all customers with Enterprise plans.

Re-encryption is the process of re-encrypting the data of an existing BYOK-enabled product with new KMS keys. You can request re-encryption for your BYOK-enabled products at any point.

When the re-encryption starts, it suspends all BYOK-enabled products both for your end users and for Atlassian systems. This first portion of the re-encryption requires downtime of up to a few business days.

The second portion of the re-encryption runs asynchronously in the background, which means that during this time your products will be back online. This portion is expected to take hours to days, depending on how much data the products have.

How to request re-encryption

To request re-encryption you need to be an organization admin.

Create a support ticket titled BYOK re-encryption for AWS account <AWS account ID> via Atlassian support. Your AWS account ID is the AWS account that you created specifically for managing BYOK encryption for your Atlassian products. The ID is numeric, for example, 279766244153.

In the support ticket, provide us with the following information:

  • Organization ID. Go to admin.atlassian.com. Select your organization if you have more than one.The orgnization ID is the number in the URL, preceding /overview.

  • When you want to start the re-encryption. Specify if you want the process to start when we receive your request, or if you prefer to start it during a scheduled maintenance window.

Re-encryption will be applied to all BYOK-enabled products in your organization.

What’s next?

We'll reach out to you within a couple of days via the support ticket to notify you that we’ve started the re-encryption process. We'll then contact you again when we suspend your products, when we unsuspend your products, and finally when we complete the re-encryption.

Still need help?

The Atlassian Community is here for you.