Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-76107

As a Jira administrator I would like to configure a plain text prefix for the personal access token

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Unresolved
    • None
    • Personal Access Tokens
    • None
    • 1
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Problem Definition

      Since Jira 8.14 users have the ability to generate personal access tokens as an alternative to authenticate to Jira.

      These tokens are base64 encoded of byte arrays without any predefined pattern.
      Having a pattern, such as a known prefix, would be of great help for security scanners to identify when a token is hardcoded in code repositories.

      Suggested Solution

      Add the ability to configure a prefix for any generated token.
      For example, if a generated token looks like NTQ3NTQ0OTcwNTk4Oni132JJ/DUDz78U+PliwQt3rQFK with today's configuration, it could be as JIRA-NTQ3NTQ0OTcwNTk4Oni132JJ/DUDz78U+PliwQt3rQFK with a JIRA- prefix, making it easier for security scanners to identify it.

      The prefix should be configurable so that each administrator can adjust the prefix on their instances.

              Unassigned Unassigned
              tmasutti Thiago Masutti (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: