Security - Jira Cloud
Overview
The solution is a Single Page Application running directly in the browser. There is no application logic, data storage or aggregation of Jira data on any remote servers or databases.
- Agile Project has no remote servers or databases. So Jira data are never exposed.
- Jira and the app (running in the browser) communication is fully encrpyted with TLS 1.2.
- Saved projects from within Agile Project is stored in the Jira instance as entity properties. The data saved are only issue references so that projects can load e.g. issue key and JQL query. These references cannot be used extracting information outside Jira.
Security Policy - Jira Server/Data Center
Overview
The solution is a Single Page Application running as a Windows or Mac desktop Electron web app.
Data
- Jira Data is fetched from the Jira instance to Agile project running as a desktop app. Then all data aggregation is done directly in the app without any remote servers or databases
- Saved projects from within Agile Project is stored on Google firebase. The data saved are only issue references so that projects can load e.g. issue key and JQL query. These references cannot be used extracting information outside Jira.
Data Encrpyption
All data at rest and in transit are protected with full encryption
- At rest - This means that data is stored encrypted in Google Firebase database.
- In transit - This means that the connection to Google Firebase and Jira is encrypted and authenticated
using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM).
Database Security
The solution is using Google Firebase Realtime database. The data is secured using built in database security rules. A logged in user can only access data belonging to the user and the database automatically blocks all other access.