Hi,
You can find some information regarding this issue here: Shared responsibility model (atlassian.com)
e.g.
Data storage
Ensure that data is appropriately stored and read by your app.
Your responsibilities
- Ensure that sensitive security data, such as pre-shared keys, API keys, or encryption keys are not hardcoded in the source code. Secure storage, such as encrypted environment variables, should be used to supply keys at runtime.
- Ensure that keys are rotated on a regular basis. You should rotate sensitive API keys at least every 90 days.
Atlassian’s responsibilities
- Encrypt data at rest for data stored within Forge app storage.
- Segregate data storage to prevent cross-tenant access. This includes Forge app storage.
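One way an app could apply the two "Your responsibilities" items above is sketched below. This is an added example, not part of the original reply or of Atlassian's documentation. It assumes the key and a companion rotation timestamp are supplied at runtime as encrypted environment variables (for Forge, set with `forge variables set --encrypt` and read from `process.env`). The variable names `PARTNER_API_KEY` and `PARTNER_API_KEY_ROTATED_AT` and both function names are hypothetical.

```javascript
// Added example: read a key from the runtime environment instead of source code,
// and flag it once it reaches the 90-day rotation interval quoted above.
const MAX_KEY_AGE_DAYS = 90;
const DAY_MS = 24 * 60 * 60 * 1000;

// env: object holding runtime variables (process.env in a deployed app).
// name: variable holding the secret; `${name}_ROTATED_AT` holds an ISO 8601 date.
function loadRotatingSecret(env, name, now = new Date()) {
  const value = env[name];
  if (typeof value !== 'string' || value.trim() === '') {
    // Fail closed: never fall back to a literal default in the source.
    throw new Error(`${name} is not set; supply it at runtime`);
  }
  const rotatedAt = new Date(env[`${name}_ROTATED_AT`] || NaN);
  if (Number.isNaN(rotatedAt.getTime())) {
    throw new Error(`${name}_ROTATED_AT is missing or not a valid date`);
  }
  if (rotatedAt > now) {
    throw new Error(`${name}_ROTATED_AT is in the future`);
  }
  const ageDays = Math.floor((now - rotatedAt) / DAY_MS);
  return { value, ageDays, rotationDue: ageDays >= MAX_KEY_AGE_DAYS };
}

// Status line for logs and alerts; it never includes the secret itself.
function rotationStatus(name, secret) {
  const state = secret.rotationDue ? 'ROTATION DUE' : 'ok';
  return `${name}: age ${secret.ageDays}d (limit ${MAX_KEY_AGE_DAYS}d) ${state}`;
}

// Constructed sample environment, standing in for process.env.
const sampleEnv = {
  PARTNER_API_KEY: 'constructed-sample-value',
  PARTNER_API_KEY_ROTATED_AT: '2024-01-01T00:00:00Z',
};
const sampleSecret = loadRotatingSecret(
  sampleEnv, 'PARTNER_API_KEY', new Date('2024-03-31T00:00:00Z'));
console.log(rotationStatus('PARTNER_API_KEY', sampleSecret));
```

Run the check at app start-up or from a scheduled job so an overdue key produces an alert rather than going unnoticed.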