Hello Atlassian Community!
My name is Hui (pronounced “Hway”), and I am a product manager responsible for encryption here at Atlassian.
We launched Bring-your-own-key (BYOK) encryption in 2023/2024 as an initial step to help you move to the cloud while retaining control over your product data. BYOK provided critical encryption key management capabilities; however, we know some of you have even more stringent requirements.
At Team ‘25 Anaheim, we announced that Customer-managed keys, our newest encryption capability, will be in open beta starting Q2 2025. Built upon BYOK encryption, Customer-managed keys inherits the same product data coverage and reflects the least-privilege cybersecurity principle as you’ll no longer need to grant Atlassian administrative IAM role access to your AWS Key Management System (KMS).
With Customer-managed keys, you’ll get:
-
Added cryptographic separation for product data: This provides you with additional data isolation from other cloud tenants through the use of a distinct set of encryption keys that you manage.
-
Full control over the lifecycle of keys: Hosting your own encryption keys allows you to independently manage and control your keys at all times.
-
Increased control over access: Revoking access to the keys suspends access to all your products at any time so you can mitigate the risk of unauthorized access.
-
Visibility into encryption activity: Controlling your own keys allows you to monitor encryption key access activity, validating proper usage and access.
Who is eligible to join the open beta?
How do I sign up for open beta?
We’ll update this post when the open beta launches and share instructions on how to join, so please ‘watch’ this page. In the meantime, check out our Customer-managed keys whitepaper to learn more about encryption at Atlassian, and follow the Atlassian cloud roadmap to stay up-to-date.
We’re always looking to hear from you, so please share any questions or comments below.
Cheers,
Hui
