Managing access to IT resources is a key challenge for many companies. In an ideal world,
all systems should be integrated with a central Identity and Access Management (IAM) system, ensuring unified and secure access. However, reality is often more complex, and using IAM
is not always an option. This is where the Secure Fields app for Jira comes in, enabling the secure storage and access control of sensitive information, such as storing passwords in Jira.
In this article, we will present a practical scenario where Secure Fields solves a real organizational problem. Find out how to safaly store passwords in Jira with Secure Fields app.

Companies have various IT resources with restricted and protected access. These can include applications, physical or virtual servers, and other IT services. Examples of such resources include web servers, virtual and physical machines, mail servers, or network drives. Typically, secure access to these resources is managed using an Identity and Access Management (IAM) system, which allows for centralized credential management. However, in some cases, using such a central system may be impossible or inefficient.

Here are three examples of such situations:

1️⃣ The system does not support user accounts
Some IT systems operate with a single shared password for all users, making

it impossible to integrate them with centralized identity management.

2️⃣ Immediate access is needed
The process of creating a new user account in a system can be time-consuming,

especially if it requires administrator approval.

3️⃣ Emergency access
Even with centralized access management, emergencies can occur. For example, if the only person responsible for access suddenly becomes unavailable, the company may lose control
over a critical resource.

4️⃣ A technical account not linked to a specific person
A technical account is shared among different individuals, so multiple people need access
to its credentials.

Jira can be effectively used for IT resource management by creating projects and issues,
where each issue is assigned to a specific resource. In such a system, key information about

each resource can be stored, including:

• Resource name

• Description of its function

• Access addresses – e.g., IP addresses or URLs

Storing sensitive data, such as passwords or credentials, in Jira requires proper security measures to prevent potential security breaches. This is where the Secure Fields app comes in, ensuring the secure storage of such information, restricting access to unauthorized users, monitoring access, and providing full auditability to comply with best security practices.

🛡️ Data Encryption – Due to the high sensitivity of password data, it is encrypted

in the database using AES-256 encryption. This ensures that even if someone gains access

to the database, they cannot read the stored password.

🔒Permissions Management – Secure Fields guarantees maximum security for stored passwords and access credentials in Jira. Only authorized users can view the stored password, while unauthorized users are completely restricted from access.

👥 Access Auditing – Every access attempt to a secure field—both successful and unsuccessful – is logged in the Secure Fields history, ensuring full visibility of who attempted to decrypt the value. Additionally, users may be required to provide a reason for accessing the data.

🆔 Additional Authentication – Administrators can enforce extra authentication for users trying to view or modify a field’s value. This is an effective measure to prevent unauthorized access, such as in cases of physical access to a Jira user’s computer.

To better illustrate how Secure Fields works, below we present several screenshots that show each step of the process.

1️⃣ Additional authorization – when attempting to access a field, the user must go through
an additional verification step.

2️⃣ The Secure Password field view in a Jira issue – this is how the field storing the password securely appears.

3️⃣Access history – every attempt to view the field value is logged and accessible only
to authorized users.

4️⃣ Authorization confirmation – the user must confirm why they want to access the field.

5️⃣ Permissions scheme – shows that only users with the appropriate permissions can view
and edit the Secure Password field.

Secure Fields offers a powerful solution for organizations needing to securely store sensitive data in Jira. With encryption, additional authentication, comprehensive access history,
and a flexible permissions system, the app ensures secure management of credentials.
If your company aims to improve access security in Jira, visit the Atlassian Marketplace
and download Secure Fields for Jira today. Discover how it addresses the challenge of securely storing and controlling access to passwords.

BEST PRACTICES FOR CREATING PASSWORDS

An important aspect of password management is avoiding the use of the same password across multiple platforms. Each account should have a unique, hard-to-guess password, which significantly increases security. In practice, when dealing with many passwords across different systems, remembering them can become challenging.