Customer has a lot of custom developed plugins for importing data from API to Jira Assets. Looking for a suitable method to encrypt the ClientSecret.

Comments:

I saw that this change does not affect our own-implemented plugins, they are still “unsafe“.

https://bitbucket.org/mathiasedblom/insight-import-module-tempo-account/src/master/src/main/java/com/riadalabs/jira/plugins/insight_tempo_accounts/TempoConfiguration.java

We are using this approach here. Would be great to have an example here to store it with javax.crypto

At the moment I just don’t get why it was implemented like this. All “secure“ fields we configure with the “InsightFieldPasswordConfiguration“, so we already mark them as “secure“. Is there any reason why you can’t just encrypt all kind of “InsightFieldPasswordConfiguration“ fields?

If you can generate an API Key once and store it in the configuration it absolutely makes sense to also encrypt the API Key. But in our case it’s really a ClientSecret.