I'm currently exploring best practices for API key management and rotation for our integration with Atlassian Jira. As part of our security measures, we want to rotate API keys programmatically to align with industry standards, which recommend regular key rotation to enhance security.
Key Questions: Is there an existing REST API or endpoint provided by Atlassian that allows for the creation of API tokens programmatically on behalf of a user? Are there any recommended practices or third-party tools that integrate with Atlassian to help automate API key rotation while adhering to security best practices? Has anyone implemented browser automation, or other creative solutions, to manage key rotation, and what were your experiences or challenges? We currently use secret management tools like HashiCorp Vault and CI/CD workflows for managing credentials, but we want to know if direct API integration with Jira for key rotation is feasible or a way around it.
For context, this is for a service account.
Current Situation: We are aware of the ability to manually create and manage API tokens through the Atlassian UI. We are looking for ways to automate the key rotation process, ideally via a REST API or any backend solution that supports automated key generation and management or any way around it to create a new one then delete the old one or something like that.
I'm currently exploring best practices for API key management and rotation for our integration with Atlassian Jira. As part of our security measures, we want to rotate API keys programmatically to align with industry standards, which recommend regular key rotation to enhance security.
Key Questions: Is there an existing REST API or endpoint provided by Atlassian that allows for the creation of API tokens programmatically on behalf of a user? Are there any recommended practices or third-party tools that integrate with Atlassian to help automate API key rotation while adhering to security best practices? Has anyone implemented browser automation, or other creative solutions, to manage key rotation, and what were your experiences or challenges? We currently use secret management tools like HashiCorp Vault and CI/CD workflows for managing credentials, but we want to know if direct API integration with Jira for key rotation is feasible or a way around it.
For context, this is for a service account.
Current Situation: We are aware of the ability to manually create and manage API tokens through the Atlassian UI. We are looking for ways to automate the key rotation process, ideally via a REST API or any backend solution that supports automated key generation and management or any way around it to create a new one then delete the old one or something like that.
Share Improve this question asked Nov 19, 2024 at 15:18 Ahmed MohamedAhmed Mohamed 1 1- Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. – Community Bot Commented Nov 20, 2024 at 4:02
1 Answer
Reset to default 0Is there an existing REST API or endpoint provided by Atlassian that allows for the creation of API tokens programmatically on behalf of a user?
Nope.
There are no API endpoints to generate API tokens. Users must use the GUI to generate their own tokens.