As part of rolling out Connect’s return to per-installation secrets, we’re making a small change to how Connect Jira and Confluence secrets are formatted. Generated secrets will soon (over the next week or so) include an ATCO (“Atlassian Connect”) prefix and checksum to help identify secrets as being per-installation (vs shared). The prefix can help Atlassian improve some security detection use cases, such as where secrets may be exposed or incorrectly stored.
We’ve updated the Security for Connect apps guidance around how these secrets should be handled and stored. The prefix and checksum we’re adding today will add 12 bytes over the existing Connect installation secret size, but please make sure your app can handle storing secrets of up to 400 bytes. We’re not anticipating this small 12-byte increase to cause any issues with apps, and we’ll post an update when the change is live.
Cheers,
Zac
Security Engineer, Ecosystem Security