• Products
  • Documentation
  • Resources

What is BYOK encryption for Atlassian products?

The BYOK encryption feature is available through an early access program (EAP) to a number of customers with Enterprise plans for Jira Software. If you are interested in participating in the EAP reach out to your account representative.

For any issues during this process, contact support. For any AWS-related questions, contact AWS support.

Bring Your Own Key (BYOK) encryption allows you to encrypt certain product data for Jira Software with keys hosted in your external AWS account. Learn what product data can be managed with BYOK

The encryption keys are provisioned and managed in AWS Key Management Service (KMS).

Benefits of our BYOK encryption

  • Added protection for your sensitive data via encryption keys that are dedicated to your organization and managed in customer-owned infrastructure.

  • Increased control over your sensitive data by revoking access to encryption keys.

  • Visibility into logs of access to encryption keys using AWS CloudTrail.

BYOK encryption vs Atlassian-managed encryption

If you don’t use BYOK encryption, your data is encrypted using Atlassian-managed keys.

BYOK encryption

Atlassian-managed encryption

Atlassian requests keys to be provisioned in the customers’ own AWS accounts.

Keys generated by Atlassian in an Atlassian-owned AWS account, and shared among customers.

Atlassian requests keys to be provisioned in the customers’ own AWS accounts.
Keys generated by Atlassian in an Atlassian-owned AWS account, and shared among customers.

Eligibility for BYOK encryption

To use our BYOK encryption, you’ll need to:

  • be a part of the early access program (EAP)

  • have a Cloud Enterprise or a Cloud Enterprise trial subscription

  • be able to set up a dedicated AWS account for Atlassian BYOK

Pricing may change when the feature becomes generally available.

Next steps

  1. Set up an AWS account and create IAM roles.

  2. Set up BYOK encryption.

Additional Help