Care about security? We do too. Learn what Atlassian does and what you can do too.
Need to test security settings? Learn how with authentication policies.
Eager to configure? Read on about single sign-on.
Manage password policies for users? Set up two-step verification and idle session duration.
Stay on top of data across your organization with all the reports and tracking options we offer.
Learn about where your cloud product data is hosted and the types of data you can move.
Control how users and apps access your Atlassian cloud products.
Use classification levels to identify and categorize sensitive information in your organization.
Set up and manage BYOK encryption to add protection for your sensitive data.
Set up and manage data security policies to secure your organization’s data.
BYOK encryption for Jira Software is available to all customers with Enterprise plans.
BYOK encryption for Confluence is available through an early access program (EAP) to a number of customers with Enterprise plans. If you're interested in participating in the EAP reach out to your Enterprise account representative.
If access to your BYOK encryption keys is revoked, you can restore the access within three days of revocation. This will restore access to your Atlassian products both for your end users and for Atlassian systems. Learn how to revoke access to BYOK encryption keys
To restore access to BYOK encryption keys:
Log in to your AWS console. If you need help with your AWS account, contact AWS support.
Go to the IAM console.
Search for atlassian-key-management on the left side of the dashboard.
Go to Trust relationships.
In the Trusted entities section, select Edit trust policy.
Change the Cryptor-OSB-Provider statement from Deny to Allow:
Select Update policy.
Go to the KMS console and make sure to select the correct region.
Select the checkboxes next to the KMS keys prefixed with cryptor.
Select the Key actions drop-down list at the top right corner.
Let us know you’re ready for restoration so we can start the process on our end. Do this via the support ticket we created for your organization for revoking access to your encryption keys. The support ticket is titled BYOK revocation started for AWS account.
When admins set up BYOK encryption, they choose a location, either Europe or USA. Both locations have two regions:
Europe consists of eu-central-1 (Frankfurt) and eu-west-1 (Dublin) regions
USA consists of us-east-1 (N. Virginia) and us-west-2 (Oregon) regions
You need to enable keys in both regions, so repeat this process until you've enabled all keys that are prefixed with cryptor in both regions within your location.
Was this helpful?