How Azure DevOps for Jira works and what data is stored

The guide that details Azure DevOps for Jira architecture, API calls and data processed

This document relates to Azure DevOps for Jira.

Architecture

Setup

Setup.drawio.png

Azure DevOps webhook processing

Webhook processing.drawio.png

APIs used

Setup

  • When the PAT is saved

    • We use the current user identity and ensure it is a Jira admin

    • We encrypt the PAT using AWS KMS

    • The token is saved and linked to the Jira tenant

  • When the Azure DevOps project is associated/saved

    • We save in our database the project linked to the Jira tenant

    • We call Azure DevOps for Jira to create a subscription to the following events:

      • code changes

      • build and release pipeline runs

    • For the above call, the PAT owner must have View/Edit Subscription permissions on the ADO project; otherwise this operation fails.

Webhook processing

The app does not store any data. Some data is passed to the AWS CloudWatch logs and stored for 7 days for debugging purposes. We always work to reduce the amount of data logged.

When Azure DevOps notifies our endpoints

  • We identify the event type

  • We call Azure DevOps to get the entity metadata using REST APIs (if we don’t have everything we need to process an event)

  • The app prepares the Jira payload to share the development information like:

    • commits

    • branches

    • pull requests

    • builds

    • deployments

Create a feature branch

Changes are coming here: the user will need to log in before creating a feature branch, to ensure the user’s identity and to remove any write-scope permission from the global PAT. This will enable Azure DevOps for Jira to create the feature branch on the user’s behalf.

When a user uses the UI of the application to create a feature branch:

  • We call the app's backend to ensure the user has access to Jira

  • The app retrieves the PAT and calls Azure DevOps to create the feature branch

The feature branch will be visible only if the Azure DevOps project sends webhooks.

Data processed and stored

Jira application installed

  • Jira tenant information provided by Atlassian is stored in the DB

  • This data is masked in the logs

Setup

The following data is stored:

  • The encrypted PAT is stored in the DB.

  • The PAT is masked in the logs.

  • The configuration metadata is stored in the DB (IDs of things).
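
One way to implement the PAT masking described above, as an added example that is not the vendor's code: a Python `logging` filter that redacts a registered PAT and its HTTP Basic encoding before a record reaches any handler. The class name, logger name, sample token and sample log lines are constructed for illustration; the app's actual language and logging stack are not stated on this page.

```python
import base64
import logging
import re

# Catches auth header values in log text even when the token was never registered.
_AUTH_RE = re.compile(r"(?i)\b(basic|bearer)\s+[A-Za-z0-9+/=._~-]{8,}")
MASK = "***"

class SecretMaskingFilter(logging.Filter):
    """Redacts registered secrets and auth header values before a record is emitted."""

    def __init__(self):
        super().__init__()
        self._needles = set()

    def register(self, secret: str) -> None:
        if not secret:  # an empty needle would match everywhere
            return
        self._needles.add(secret)
        # Azure DevOps accepts a PAT as HTTP Basic with an empty user name,
        # so the base64 of ":<PAT>" is just as sensitive as the PAT itself.
        self._needles.add(base64.b64encode(f":{secret}".encode()).decode())

    def mask(self, text: str) -> str:
        # Longest first so a needle that contains another is replaced whole.
        for needle in sorted(self._needles, key=len, reverse=True):
            text = text.replace(needle, MASK)
        return _AUTH_RE.sub(lambda m: f"{m.group(1)} {MASK}", text)

    def filter(self, record: logging.LogRecord) -> bool:
        # Render msg % args first so secrets passed as arguments are covered too.
        record.msg = self.mask(record.getMessage())
        record.args = None
        return True

def demo() -> list:
    pat = "constructed-sample-pat-0123456789"  # constructed value, not a real token
    masker = SecretMaskingFilter()
    masker.register(pat)
    emitted = []
    handler = logging.Handler()
    handler.emit = lambda r: emitted.append(r.getMessage())  # capture instead of printing
    handler.addFilter(masker)
    log = logging.getLogger("ado-jira-demo")  # hypothetical logger name
    log.addHandler(handler)
    log.setLevel(logging.INFO)
    log.propagate = False
    log.info("saving PAT %s for tenant", pat)
    log.info("GET /_apis/git header=Basic %s", base64.b64encode(f":{pat}".encode()).decode())
    log.info("webhook eventType=%s", "git.push")
    return emitted
```

Attaching the filter to the handler rather than to one logger means records from every library that logs through that handler are masked before they are shipped.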

Webhook processing

The only data stored are the logs in CloudWatch, which are kept for 7 days.

Data that comes via webhooks and APIs could potentially be stored.

Create a feature branch

Only the logs of the operation are stored.

Data deletion

When the Atlassian application is uninstalled, the app’s metadata is scheduled for deletion within 60 days.
