Teams share sensitive information in JIRA all the time: passwords, customer data, SSL certs, SSH keys, PHI. But JIRA doesn’t provide end-to-end encryption for these secrets, so they live in JIRA unprotected or end up somewhere else, disconnected from the actual work.
We wanted a safer way to store and share sensitive information in JIRA so we created Team Secrets.
What it does
Team Secrets protects sensitive information in JIRA with end-to-end encryption and viewer verification. It works in both JIRA Cloud and JIRA Server and offers:
TRUE END-TO-END ENCRYPTION MADE EASY Team Secrets uses bank-grade encryption to protect your file attachments and secret text from the moment you start uploading until they are viewed by the recipient. Snooping on the transfer or stealing the file will result in something completely undecipherable (i.e. we don’t trust SSL).
REAL RECIPIENT VERIFICATION Team Secrets ensures that anyone opening your secret is authenticated using at least 2 forms of ID. Email address, team membership, passphrase and mobile phone verification means only the people you choose can assemble the keys necessary to decrypt the files.
TEAM SECRETS DENIABILITY Team Secrets does not at any point have the ability to decrypt a secret under any circumstances - only the creator and the chosen viewers can do that.
EASY TO USE Team Secrets works just like file attachments and text fields for an experience that is frictionless and completely integrated into existing JIRA workflows.
How we built it
Team Secrets implements end-to-end encryption, which means the secret is always encrypted and decrypted in the browser of the creator or viewers instead of the server.
Since the local machine is doing the work, we needed fast and lightweight crypto libraries. We chose the “xsalsa20-poly1305" encryption scheme because it provides great security with fast processing and “TweetNaCl” because it’s a small, auditable high-security cryptographic library.
Decryption requires BOTH a master key (stored as a property of a JIRA issue) and individual keys that live on Team Secrets servers. Since we don’t have access to your JIRA server, we can never combine the keys to decrypt your files. Only you and authorized secret viewers can access both keys.
Challenges we ran into
Balancing convenience vs. security is very difficult. We wanted our user experience to be as fast and easy as uploading an attachment, but we have to gather so much more information about viewers and security measures. We did dozens of iterations and settled on our simple dialog approach with as few steps as possible.
Accomplishments that we're proud of
We are very proud of solving the problem of sharing secrets in JIRA in a way that’s both highly secure but also convenient and easy to use. Most solutions out there accomplish one of those two pillars but not both - and now we are the first to make it available in JIRA!
We’re also proud of how we solved the key management problem. In Team Secrets, one of our business rules is that our servers can never have all the information necessary to decrypt a user’s file. This is to protect our users’ secrets even if our servers get compromised.
What we learned
Getting security right is a tough problem, but doing it in a way that minimizes friction and adds minimal overhead for the team is even harder. But, if you give people a way to share secrets safely in JIRA, they will use it!
What's next for Team Secrets
We believe that JIRA is just one of many places where teams are sharing sensitive information and want more secure options. We’d like to extend Team Secrets to Confluence, HipChat and other Atlassian products so that teams can practice safe sharing wherever they work.