I would expect Jira Automation should be able to encrypt a token with sha1/sha256, then the receiver would have to decrypted with the body of the message like Trello does it right now,

https://developer.atlassian.com/cloud/trello/guides/rest-api/webhooks/#webhook-signatures

This would make sure there is unique hashed tokens over the wire.

Thanks for the feedback 6ee55eea6ed0. Upon further reflection, I think this one might be more wide-ranging and should be kept open.

I'm not sure it's the same as current issue 77612 (encrypt/hash). Anyway, I'm OK with fix delivered in 22729 (hide secrets in automations once they're filled-in). Thanks.

Could the watchers of this issue let us know if their concerns were addressed by the rollout of the feature described in JSWCLOUD-22729 – As an admin, I want to be able to hide values in automation rules, e.g. web requests using tokens in header? Thanks!

This suggestion appears a duplicate of https://jira.atlassian.com/browse/JSWCLOUD-22729.

The feature is already being rolled out.

I'm not an expert on this, but if the URL you're sending the data to is HTTPS, wouldn't that mean that your headers and payload are encrypted over HTTPS anyway?

If it doesn't work that way... I'd like to know because then I need to address those vulnerabilities.

I see "Automation: Secure headers for outgoing web requests" is rolling out  , hopefully this will be available soon for all sites!

https://confluence.atlassian.com/cloud/blog/2022/09/atlassian-cloud-changes-sep-19-to-sep-26-2022

Considering switching ITSM due to the lack of support here.

+1

How can we implement this awesome automation article without having the Authorization header securely encrypted?

https://community.atlassian.com/t5/Automation-articles/Let-s-automate-project-creation-using-Jira-Automation/ba-p/2075145

I agree, absolute priority!

Without this we'll be unable to implement any integration with our external applications, and there is no workaround?!?