• Documentation

We’re renaming ‘products’ to ‘apps’

Atlassian 'products’ are now ‘apps’. You may see both terms used across our documentation as we roll out this terminology change. Here’s why we’re making this change

BYOK encryption limitations

Who can do this?
Role: Organization admin
Atlassian Cloud: Jira, Confluence, and Jira Service Management customers with Enterprise plan
Atlassian Government Cloud: Not available

Supported locations for apps with BYOK encryption

We currently support BYOK encryption in ten locations: Europe, USA, Australia, Canada, Germany, India, Japan, South Korea, Singapore, or United Kingdom.

When you set up BYOK encryption for a app, you need to choose one of these locations to host your app data. Currently we don’t support migration of data between locations once we’ve provisioned BYOK encryption for you.

Locations with multiple regions:

  • Europe regions are eu-central-1 (Frankfurt) and eu-west-1 (Dublin)

  • USA regions are us-east-1 (N. Virginia) and us-west-2 (Oregon)

To provide high fault-tolerance for BYOK key operations, the BYOK encryption keys reside in all regions associated with the location you chose.

  • Locations with a single region:

    • Australia region is ap-southeast-2 (Sydney)

    • Canada region is ca-cantral-1 (Canada Central)

    • Germany region is eu-central-1 (Frankfurt)

    • India region is ap-south-1 (Mumbai)

    • Japan region is ap-northeast-1 (Tokyo)

    • South Korea region is ap-northeast-2 (Seoul)

    • Singapore region is ap-southeast-1 (Singapore)

    • United Kingdom region is eu-west-2 (London)

For compliance or security requirements you may need to ensure your data is stored within one of these particular regions, rather than the multiple-region locations that we support.

Currently we don’t support migration of data between locations once we’ve provisioned BYOK encryption for you.

Number of BYOK policies

Currently you can create only one BYOK encryption (policy) per organization.

New app is required

Currently you can't add BYOK to an existing app. Once you’ve set up your AWS account and created an IAM role, you need to contact your Enterprise account representative so we can create the BYOK-enabled app for you.

If you want to add a BYOK app to your site after you've enabled BYOK for another app, you need to reach out to your Atlassian Enterprise account representative to add the app to your site. If you add the app directly, it will not be BYOK-enabled.

Atlassian Analytics

Atlassian Analytics does not support BYOK encryption. However, you can access data from BYOK-enabled apps that are available and encrypted in the Atlassian Data Lake.

Jira app family

Enabling BYOK encryption for a app, e.g. Jira, will also encrypt common aspects of other Jira apps on the same site, e.g. Jira Service Management.

What is the Jira family of apps?

 

Still need help?

The Atlassian Community is here for you.
Ask the Community
On this pageSupported locations for apps with BYOK encryptionNumber of BYOK policiesNew app is requiredAtlassian AnalyticsJira app family
CommunityQuestions, discussions, and articles