Details
-
Suggestion
-
Resolution: Unresolved
-
None
-
None
-
1
-
Description
Ability to credential rotation via API or Script.
Rotate the credentials that are stored internally in Jira, Confluence, and Bitbucket periodically per standard industry security practices – that is – internal credentials that potentially have value to an external attacker.
Specifically out-of-scope are:
- End-user credentials (since the product already has a way to enumerate users and change their passwords and API keys or similar).
- Credentials stored by 3rd party plugins.
Attachments
Issue Links
- relates to
-
BSERV-13369 Support for rotation of internal application credentials (those of external value)
- Gathering Interest
-
CONFSERVER-79475 Support for rotation of internal application credentials (those of external value)
- Gathering Interest
-
JRASERVER-72198 As a Jira administrator I would like that OAuth tokens are removed when a user is disabled (inactive)
- Gathering Interest