Privacy and Security

Created by Maryna Pristrom
Last updated: Jan 27, 2019

This page describes what private and secret data is accessed or stored by the plugin and for what purposes. 

JBehave For Jira plugin has two storage modes for the content that is viewed or generated with the help of plugin's functionality: 1 - Jira database or 2 - Git repository. In case of the latter the plugin needs to be configured with a number of parameters required for the integration with the remote git server. What information is used stored and how it is then used is covered in the following sections. If you however have configured the plugin to use Jira database for storage, then no private information is stored or sent to any external systems by the plugin. 

Private Data

JIRA user name and email address

This information is retrieved from Jira's database via Jira's Java API and is copied into Git commit information, namely commit author/committer name and email fields respectively when the user updates the story content with the help of the plugin. This commit information is then synchronised with the remote git server and the user name and email address fields will be visible on the remote git server as well as any cloned copies of the git repository on the end user machines. 

GIT committer name and email address

In case of Git storage option, the project administrator has the option of specifying a fixed committer name and email address via the plugin's configuration page. If specified these fields will be copied into git commit information namely committer name and email address, which then will be visible on remote git server and any cloned copies of the repository on the end user machines. If these field are not populated then Jira use name and email address of the user making the changes will be used as described above.

Secret Information

GIT username and password

In case of Git storage option, the changed content needs to be synchronised with the remote git repository. Project administrator normally needs to provide user credentials with which to access the remote git server (unless anonymous access is enabled). In case of HTTPS protocol option the project administrator needs to specify user name and password with which to connect to the git server. These values are sent over the network to the configured git server using underlying GIT client application. The values are configured once via the plugin's configuration page and persisted in Jira's database using Jira's Java API. 

SSH private key file and passphrase

In case of SSH protocol selection for accessing the remote git server, project administrator needs to specify path to the SSH private key file and it's passphrase (if used) in the plugin configuration page. These values are stored in Jira's database via Jira's Java API and are used to achieve password less authentication based on private and public SSH key authentication mechanism.