The values of the Confidential Fields are encrypted with AES 256 and saved in the selected hosting database. bitvoodoo ag does not store your decryption key and cannot read the values. Only your Jira users can read the values.
Accessing the Encryption Key in the app
In the Confidential Fields main menu, you can see the text “encrypted”. When clicked, an overlay “Data Security & Encryption” will appear:
Please save the string “Your decryption key” in a secure location. This will allow you to decrypt custom field data outside of Jira.
The values of the Confidential Fields are encrypted and can only be read within Jira. Therefore, they cannot be read via the Jira API. Would you like to read the Confidential Fields values outside of Jira using an API? Please let us know in the feedback form or contact the bitvoodoo Support. We will create a custom API for future app versions if there is sufficient interest.
How your data is safe within the Confidential Fields app
Diagram: Writing Data
Diagram: Reading Data
The app runs in the Atlassian Cloud, not on an external bitvoodoo hosting.
Each customer has a unique secret key to encrypt the data stored in their Jira instance.
The readable data is only used within the Atlassian Cloud and does not leave it.
No unencrypted data is stored outside of your Jira Data Residency.
The customer-specific secrets for communication and encryption never leave the Jira instance. Neither are they going through bitvoodoo infrastructure.
For each value of a Confidential Field created within our app, we create an additional random initialization vector stored in the external hosting database. What this means:
Only Atlassian has the secret key (stored in the Jira database).
Only the external hosting database carries the value-specific initialization vector and the encrypted data.
You can decrypt values only if you have both pieces of information (secret key & initialization vector). → Neither bitvoodoo alone nor Atlassian alone can decrypt the data!
Decryption is handled by code running in the Atlassian Cloud as a Forge app; see this page.
Terms used in the diagrams and the text, in alphabetical order:
The Advanced Encryption Standard (AES) is one of today's standards for encrypting data. AES is a symmetric encryption method: the same key is used for encryption and decryption (and must be known). AES uses a fixed block length of 128 bits and a defined key length of 128, 192 or 256 bits.
Secret key and initialization vector (both explained below) are both part of AES 256.
Next the secret key used to encrypt and decrypt the data (see below), each Jira instance has its own communication secret. This ensures that only the allowed instance can communicate with the external hosting database. The communication secret is saved in the Jira database.
An initialization vector is a random number used in combination with a secret key as a means to encrypt data. This number is sometimes referred to as a nonce, or “number occurring once,” as an encryption program uses it only once per session.
If you add data to Confidential Fields, the data is encrypted with the secret key (which never changes) & the initialization vector (a random string added to each data). The initialization vector is stored next to the encrypted value in the external hosting database; Atlassian has no access to it.
To decrypt the data, you need the secret key & the initialization vector you used to encrypt the data before.
Abbreviation for “JSON Web Token”, a compact URL-safe means of representing claims to be transferred between two parties. In the case of the Confidential Fields app, JWT protects the data exchange between Atlassian Cloud and the external hosting database by using a customer-specific private/public key. JWT is part of the → communication secret.
All details on JWT: https://developer.atlassian.com/cloud/bitbucket/understanding-jwt-for-apps/
This key is accessible in the Confidential Fields' app interface. The secret key is issued for your entire instance and never changes. It allows you to decrypt Confidential Field data outside of Jira. As long as you are in Jira, you don’t need the secret key to read the values of Confidential Fields. We use the term "Decryption key" in the app interface, as described above. Technically, it’s the secret key.