Security considerations
Data Access and Transmission
This plugin has no persistent access to the customer data that passes through it. It communicates exclusively with Atlassian's Assets API (api.atlassian.com) over TLS 1.2+ connections, so all data transmitted between the plugin and Atlassian's services is encrypted in transit. The plugin functions as a secure intermediary, with all network traffic protected by industry-standard encryption protocols.
Configuration Storage
All configuration parameters are securely maintained within Atlassian's dedicated storage infrastructure, which implements role-based access controls ensuring that data is only accessible from the specific Confluence instance where the application is installed. This compartmentalized storage architecture prevents cross-instance data exposure.
Credential Management
Authentication credentials are stored exclusively in Atlassian's Secret Storage service, which is encrypted using AWS Key Management Service (KMS). AWS KMS implements the AES-256 cryptographic algorithm to encrypt all stored data. This ensures that login information remains protected by industry-standard encryption, minimizing the risk of credential exposure.
Data Residency Compliance
All data maintained within Forge storage automatically adheres to the data residency policies configured for your Confluence instance. This ensures organizational compliance with regional data sovereignty requirements and regulatory frameworks such as GDPR, CCPA, and other applicable data protection regulations.
Security Architecture
The plugin is built on Atlassian's Forge platform, which provides a containerized microservice architecture with isolated runtime environments. This design prevents potential lateral movement between applications and implements the principle of least privilege throughout the execution environment.