Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

JIRA Security and MYSQL DB encryption

Eduardo Marques
Eduardo Marques April 24, 2017

Hi everybody,

We are currently analysing possibilities of encrypting sensitive information inserted in the JIRA tickets (text and attachments).

We are already using an HTTPS access and an external authentication tool but we would like to improve the security of the information.

We were considering either the acquisition of a specific plugin like Encrypted Field or encryption directly in the JIRA DB (MYSQL). Does JIRA support encrypted databases?

We are currently running JIRA version 6.2.7 but we are thinking of migrating to JIRA 7.0.11 in the near future.

Can anyone share your experiences in making JIRA more secure?

Thank you all for your help.

 

Answer
Watch
Like Be the first to like this
1756 views

1 answer

1 vote
Daniel Eads {unmonitored account}
Daniel Eads {unmonitored account}
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 24, 2017

Hi Eduardo,

JIRA doesn't officially support encrypted databases - that is, Atlassian Support can't help if you experience configuration issues with encrypted fields. Some folks are definitely doing it.

A couple items came to mind:

  • Since you're on 6.2, see https://jira.atlassian.com/browse/JRASERVER-23255 for a description of "everyone" filters being accessible to non-logged-in users - something to keep in mind when you upgrade
  • Prevent Anonymous Access is a free plugin intended to fix the above (on versions below the fix version listed in that ticket) as well as keeping people from accessing other pages without being authenticated.

I saw Encrypted Field mentioned in a few other questions, so it looks like you are doing your research. Good luck and let us know how your encyption efforts turn out!

 

View More Comments
Eduardo Marques
Eduardo Marques April 25, 2017

Thanks Daniel.

I will check your links.

Any tips for the database encryption or that's a question more for the DB experts?

 

Best regards.

Like
Daniel Eads {unmonitored account}
Daniel Eads {unmonitored account}
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 25, 2017

Yes, that sounds right. After reading up a little about MySQL encryption, it seems like you would want to enlist the help of a DBA who has used it before. A few posts noted that you'll take a performance hit encrypting the whole database and it might be worth scoping out to what you mentioned (text in tickets).

Note that attachments are stored on disk, so you can take permissions and encryption steps for those on the filesystem without having to do things to your database.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.