Request BYOK re-encryption

Re-encryption is the process of re-encrypting the data of an existing BYOK-enabled app with new KMS keys. You can request re-encryption for your BYOK-enabled apps at any point.

When the re-encryption starts, it suspends all BYOK-enabled apps both for your end users and for Atlassian systems. This first portion of the re-encryption requires downtime of up to a few business days.

The second portion of the re-encryption runs asynchronously in the background, which means that during this time your apps will be back online. This portion is expected to take hours to days, depending on how much data the apps have.

How to request re-encryption

Create a support ticket titled BYOK re-encryption for AWS account <AWS account ID> via Atlassian support. Your AWS account ID is the AWS account that you created specifically for managing BYOK encryption for your Atlassian apps. The ID is numeric, for example, 279766244153.

In the support ticket, provide us with the following information:

• Organization ID. Go to Atlassian Administration. Select your organization if you have more than one.The orgnization ID is the number in the URL, preceding /overview.

• When you want to start the re-encryption. Specify if you want the process to start when we receive your request, or if you prefer to start it during a scheduled maintenance window.

Re-encryption will be applied to all BYOK-enabled apps in your organization.

What’s next?

We'll reach out to you within a couple of days via the support ticket to notify you that we’ve started the re-encryption process. We'll then contact you again when we suspend your apps, when we unsuspend your apps, and finally when we complete the re-encryption.