BYOK encryption limitations

Supported locations for products with BYOK encryption

We currently support BYOK encryption in two locations: European Union and USA. When you set up BYOK encryption for a product, you need to choose one of these locations to host your product data.

Both locations have two regions: European Union consists of eu-central-1 (Frankfurt) and eu-west-1 (Dublin) regions, and USA consists of us-east-1 (N. Virginia) and us-west-2 (Oregon) regions. To provide high fault-tolerance for BYOK key operations, the BYOK encryption keys reside in both regions associated with the location you chose.

Currently we don’t support migration of data between locations once we’ve provisioned BYOK encryption for you.

Number of BYOK policies

Currently you can create only one BYOK encryption (policy) per organization.

New product is required

Currently you can't add BYOK to an existing product. Once you’ve set up your AWS account and created an IAM role, you need to contact your Enterprise account representative so we can create the BYOK-enabled product for you.

If you want to add a BYOK product to your site after you've enabled BYOK for another product, you need to reach out to your Atlassian Enterprise account representative to add the product to your site. If you add the product directly, it will not be BYOK-enabled.

Atlassian Analytics

Atlassian Analytics can't access data from BYOK-enabled products.

Jira product family

Enabling BYOK encryption for a product, e.g. Jira, will also encrypt common aspects of other Jira products on the same site, e.g. Jira Service Management.

Learn about the Jira family of products