The current setup of having a signer server and config on each customer instance won't be allowed on Unicorn due to security policy reasons (shouldn't have a shared secret on all containers).

There needs to be a central signing server running on a container with some kind of file mapping studio customer instances to google domains, with per container keys to sign requests made from studio instances to the signer. This idea needs to be run past Vitaly for security approval before implementation starts.

To get signing working for the spike, I modified jira's JAVA_OPTS file to include this:

-Dgapps.enabled=true -Dcom.atlassian.agmp.oauth.consumer.secret=<secret goes here> -Dcom.atlassian.agmp.domain.name=atl-paid-dev.com