Jira Server - On-Premise
The Jira Server (On-Prem) integration enables SailPoint Entro to detect and monitor exposed secrets within your Jira environment — including issues, comments, and attachments — without altering or storing project data.
Overview
SailPoint Entro connects to your on-prem Jira Server through a local Worker running within your environment. All communication between the Worker and SailPoint Entro occurs securely over HTTPS/TLS, ensuring your Jira data never leaves your network.
Architecture Diagram
Installation & Configuration
-
Prerequisites
Before integrating Jira Server with SailPoint Entro:
-
Jira Server v8.0 or later
-
REST API access enabled (
/rest/api/2/) -
A dedicated integration user (see Dedicated Atlassian User)
-
A Personal Access Token (PAT) for that user (see Atlassian Token Creation)
-
-
Configure the Integration in SailPoint Entro
-
In the SailPoint Entro Dashboard, go to Management → Accounts & Integrations → Add New Account (top right) → Atlassian
-
Enter:
-
Base URL: e.g.,
https://jira.internal.company.com -
Access Token: the PAT for your integration user
-
Worker Group: select a connector that is active
-
Make sure to select Self Managed
-
-
Click Create Account to verify connectivity.
-
-
Initial Scan
After setup, initiate the first scan manually or allow the default scheduler to begin automatically.
-
Scans use Jira’s REST API to collect metadata and content.
-
Only text‑based data is processed locally by your Worker.
-
Findings metadata is sent securely to SailPoint Entro Cloud for classification.
-
System Requirements
| Component | Requirement |
|---|---|
| Jira Version | 8.0+ |
| API Access | /rest/api/2/ enabled |
| Network | Outbound HTTPS (443) from Worker to SailPoint Entro |
| Authentication | Personal Access Token (PAT) |
| Permissions | Browse Projects, View Issues, View Attachments |
Managing Findings
Detected secrets appear in the Findings Dashboard within SailPoint Entro. Each finding includes:
-
Project name and issue key
-
Secret type (e.g., AWS key, database password)
-
Exposure level (generic or confirmed)
-
Direct Jira links for remediation
From the dashboard, you can:
-
Assign or comment on findings
-
Sync with Jira tickets for tracking
-
Mark false positives as resolved
Generic vs Exposed Secrets
| Type | Definition | Example |
|---|---|---|
| Generic Secret | Pattern‑matched value that may represent a secret. | password=abcd1234 |
| Exposed Secret | Verified secret exposed in accessible content. | AWS_SECRET_ACCESS_KEY=ABCD12345XYZ |
SailPoint Entro classifies secrets to reduce noise and surface only actionable exposures.
Data Privacy & Security
SailPoint Entro never stores raw Jira issue content or attachments. All scanning occurs within your environment via the local Worker. Only metadata and findings are securely transmitted to SailPoint Entro Cloud.
🔒 Compliance Alignment
-
SOC 2 Type II
-
ISO 27001
-
GDPR Compliant
-
Read‑only access enforced by token scope
Note
All communication between the on‑prem Worker and SailPoint Entro Cloud is encrypted (HTTPS/TLS). The Worker processes text-based content locally - raw content and attachments are not stored in SailPoint Entro Cloud.