This app is distributed for free via Atlassian Marketplace.

Inspiration

The HR team deals with personal information, while the production management team deals with cost and customer product information. When business teams use Jira, there will be more sensitive data in Jira that only a few people should know.

We have seen business teams' needs for sensitive data in issues that only a few people can see.

However, unlike Jira Data Center, where a third-party app can cover this need, we cannot find a way to control permissions on a per-field basis in Jira Cloud. It was challenging to create such an app on the Connect platform.

We noticed that Forge has been getting a lot of Custom Field functionality lately, so we decided to create an app to meet this need.

What it does

This app provides four custom field types to hold sensitive data in an issue:

  • Secure Text Field (Single-Line)
  • Secure Text Field (Multi-Line)
  • Secure Number
  • Secure Date

For each field type, you can control the view and edit permissions at the field level. Even if a user can view and edit issues, they cannot view or edit a field unless they also have view and edit permission at the field level.

This app supports the standard Jira permission settings such as user, group, and project roles.

How we built it

First of all, we thoroughly investigated the functionality of Forge's Custom Field Type module. As a result, we determined that Forge has sufficient functionality for Custom Fields and could achieve our requirements with it.

In the app, we defined four Custom Field Types using Forge's Custom Field Type module.

The values of the fields are stored in encrypted form to prevent unauthorized users from viewing or altering them. To increase security, we included logic to detect unauthorized editing.

For the configuration screen, we focused on UX and kept to an Atlassian app-like look, using Atlaskit on React for the Custom UI page.

Challenges we ran into

The most challenging point was where to store the data that only authorized users can view and edit.

At first, we considered using the storage API. But we were concerned about the quota and wondered if it would work stably when we introduce a feature in our backlog.

Next, we had the idea of using a service outside of Forge. But due to the nature of the app, if we did so, we would have to support data residency on our own, which would lead to user anxiety. Therefore, we wanted to complete the project within Atlassian infrastructure.

In the end, we came up with a design to store encrypted values as field values, and after some verification and ingenuity, we succeeded in implementing this.
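The page does not say which cipher the app uses or how it detects unauthorized edits. As an added example (not the app's own code), one way to get both properties from a value stored in the field itself is authenticated encryption with the issue and field IDs bound as associated data; the function names, the `v1.` storage format, the IDs and the key handling are assumptions.

```javascript
const crypto = require('node:crypto');

// Bind each ciphertext to the issue and field it was written for (hypothetical IDs).
const aadFor = (issueId, fieldId) => Buffer.from(`${issueId}\u0000${fieldId}`, 'utf8');
const b64 = (buf) => buf.toString('base64url');

// Returns the string stored as the field value: v1.<iv>.<tag>.<ciphertext>
function sealFieldValue(key, issueId, fieldId, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce on every write
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aadFor(issueId, fieldId));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return ['v1', b64(iv), b64(cipher.getAuthTag()), b64(ct)].join('.');
}

// Returns { ok: true, value } or { ok: false, reason } so the caller can flag tampering.
function openFieldValue(key, issueId, fieldId, stored) {
  const parts = String(stored).split('.');
  if (parts.length !== 4 || parts[0] !== 'v1') return { ok: false, reason: 'malformed' };
  const [iv, tag, ct] = parts.slice(1).map((p) => Buffer.from(p, 'base64url'));
  if (iv.length !== 12 || tag.length !== 16) return { ok: false, reason: 'malformed' };
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
    decipher.setAAD(aadFor(issueId, fieldId));
    decipher.setAuthTag(tag);
    const value = Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
    return { ok: true, value };
  } catch {
    return { ok: false, reason: 'tampered' }; // tag mismatch: edited or relocated value
  }
}

// Constructed demo: a direct edit of the stored value, and a copy onto another issue.
function demo() {
  const key = crypto.randomBytes(32); // constructed key; real key storage is out of scope
  const stored = sealFieldValue(key, '10001', 'customfield_10050', 'salary: 85000');
  const parts = stored.split('.');
  const ct = Buffer.from(parts[3], 'base64url');
  ct[0] ^= 1; // flip one ciphertext bit, as an edit made outside the app would
  const edited = [...parts.slice(0, 3), b64(ct)].join('.');
  return {
    roundTrip: openFieldValue(key, '10001', 'customfield_10050', stored),
    edited: openFieldValue(key, '10001', 'customfield_10050', edited),
    moved: openFieldValue(key, '10002', 'customfield_10050', stored),
  };
}
```

Because the issue and field IDs are authenticated but not stored, a ciphertext copied from one issue or field to another fails verification the same way a modified one does.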

Another major issue was the response time. Response time when displaying and editing fields is an essential part of the UX of this app. However, the speed was unacceptable in the first implementation due to the complex processing that exists during display and editing and the fact that we were not familiar with the UI kit.

We reviewed the entire implementation, identified points that could be parallelized, and took measures one by one. As a result, we achieved a speed at which you can operate without stress.

Accomplishments that we're proud of

We have developed several apps for Atlassian Cloud, but this was our first Forge app.

We are proud that we collaborated with the team and submitted this app to Codegeist, despite the team's lack of knowledge about Forge and the difficulties we faced.

What we learned

  • How to use the main components of Forge such as Functions, UI kit, Custom UI and their characteristics
  • Forge's CI/CD on the Bitbucket pipeline
  • What Forge can do for you when developing an app

What's next for Secure Custom Fields for Jira

There is still much room for improvement in this app, such as adding more Custom Field Types and making the permission setting more flexible to release additional features.

Recently, Forge has frequently been adding features related to Custom Fields. Using them will further improve the app's UX. We would also like to make suggestions to the Forge community to improve this app.
