Request CMK re-encryption
Customer-managed keys (CMK) give you greater control and visibility over your encryption keys to protect your organization’s Atlassian Cloud data. CMK is currently in Open Beta, and customers not already enrolled in BYOK can enroll in it. BYOK will eventually be deprecated and migrated to CMK.
Re-encryption refers to the process of altering the underlying key material for encrypted data. This involves decrypting the existing ciphertext using the old key and then re-encrypting the resulting plaintext with a new key.
Who can do this? |
Re-encryption will be applied to all Customer-managed keys (CMK) enabled apps in your organization. To submit re-encryption requests, you must be a registered Atlassian organization admin due to security protocols.
It is important to anticipate a certain amount of downtime in your corresponding Atlassian Cloud apps during this operation
For further information regarding the re-encryption process, please refer to the white paper.
How to request re-encryption
Open the form to Atlassian support, then follow these instructions to submit a request:
Under What can we help you with? select Technical Issues and Bugs.
Under Which product is this for? select Cloud Administration.
Under What is the site URL of your product within your organization select any URL from your Atlassian organization. Selecting your main site URL should help as well.
(Optional) Under Include admin or billing/technical/end-customer contact, or additional participants on this ticket enter any relevant contacts from your organization that want to be notified about the request.
Under Summarize your issue enter Re-encryption for AWS account <AWS account ID>. Your AWS account ID is the AWS account that you created specifically for managing CMK encryption for your Atlassian apps. The ID is numeric, for example,
279766244153.Under What is the impact to your business select the level according to your business. For example, if you need immediate re-encryption, select Level 1. For the ticket SLA (time to response), refer to .
Under Give us more details, provide the following information:
Organization ID: This is a unique identifier assigned to your organization in the Atlassian cloud system. You can retrieve the URL via admin.atlassian.com:
https://admin.atlassian.com/o/my-organization-id-xxxxx-xxxxxxx-xxxxxx/overviewOld key ARN to be replaced: one from each region if you chose a dual-region realm. Otherwise, provide one key ARN for a single-region realm.
New key ARN for re-encryption: one from each region if you chose a dual-region realm. Otherwise, provide one key ARN for a single-region realm.
The timing to start the re-encryption: indicate whether you would like the process to commence immediately upon receiving your request, or if you would prefer to initiate it during the next available maintenance window.
Timing to start re-encryption:
a) Immediate: Re-encryption would start as soon as this ticket is addressed, this would mean that the sites under the org will experience downtime outside the maintenance window after re-encryption starts
b) Next maintenance window: no additional downtime outside of the next maintenance window
8. (Optional) Under Want faster, more accurate help? Upload screenshots or videos that show your issue and where it happened. Review our retention policy add any relevant attachments.
9. (Optional) Under Your phone number enter any relevant phone number.
10. Under Which is closest to your normal working hours? select the working hours that fit your business needs.
11. Select Submit Ticket to have the ticket created.
What’s next?
We’ll respond to the support ticket and keep you informed of the process and completion.
Was this helpful?