
Notify admins when Atlassian API tokens are exposed in GitHub


      Problem Definition

      At the moment, any Atlassian API tokens (Jira / Confluence) that are disclosed publicly in a GitHub repository will automatically be revoked and the affected user will be notified via e-mail.

      For some organisations this may not be enough, as the email visibility is limited to the individual user.

      Suggested Solution

      Send a notification to admins (org-admins or site-admins or both) as well about the exposed API token.

      Workaround

      Currently, there is none.

            SET Analytics Bot made changes -
            Support reference count New: 1
            Rodrigo B. made changes -
            Component/s Original: Admin API tokens/keys [ 54490 ]
            Component/s New: Org Management - Cloud Admin API keys [ 80136 ]
            Key Original: ACCESS-1459 New: AX-685
            Support reference count Original: 1
            Project Original: Atlassian Guard [ 18910 ] New: Admin Experience [ 24210 ]
            Cole Norman made changes -
            Labels New: guard-s7
            Ramon M made changes -
            Component/s Original: User Activity [ 53197 ]
            Component/s New: Admin API tokens/keys [ 54490 ]

            jason colgate added a comment - Regarding the solution - more specifically I'd like the ability to be able to specify recipients. Having the option for admins is an improvement, but I'd like to be able to configure an option to alert the Security Ops team in parallel.
            SET Analytics Bot made changes -
            Support reference count New: 1
            Alim A. created issue -

              Assignee: Unassigned
              Reporter: Alim A.
              Votes: 5
              Watchers: 5