What is BYOK encryption?
Who can do this? |
Bring Your Own Key (BYOK) encryption lets you encrypt product data for Jira, Confluence, or Jira Service Management with keys hosted in your external AWS account. Learn what product data can be managed with BYOK
Benefits of BYOK encryption
BYOK encryption gives you:
Added security for sensitive data. By hosting your own encryption keys, you manage and control the keys at all times.
Increased control over access to data. Revoking access to the keys suspends access to all your products. With the ability to revoke access to encryption keys at any time, you can reduce risk of unauthorized access.
Visibility into account activity across your AWS infrastructure. Record activity and access audit logs using AWS CloudTrail.
BYOK encryption vs Atlassian-managed encryption
If you don’t use BYOK encryption, your data is encrypted using Atlassian-managed keys.
BYOK encryption
The keys are provisioned and managed in the customers’ own AWS accounts.
Atlassian-managed encryption
Atlassian generates keys in an Atlassian-owned AWS account, and the keys are shared among customers.
What BYOK encryption involves
You first need to set up an AWS account and create an IAM role.
Next, contact your Enterprise account representative and provide us with information such as your AWS account ID, where you want to host your product data, and the products you want to encrypt using BYOK. We’ll set up BYOK encryption for you and add BYOK-encrypted products to your Enterprise plan. Learn how to set up BYOK encryption
Was this helpful?