Sesam is a JIRA plugin that offers a secure way of storing, managing and sharing passwords across teams.
You can use existing JIRA groups to limit access to certain passwords.
Sesam also offers a way to store a user's more private passwords.
You can also install Sesam through the Universal Plugin Manager (https://confluence.atlassian.com/display/UPM/Installing+add-ons).
You can activate your license with the following steps:
The key length of 256 Bit is only available if Unlimited Strength Jurisdiction Policy is enabled, otherwise 128 Bit will be used by Sesam as a fallback.
If you want to enable Unlimited Strength Jurisdiction Policy follow these steps:
Oracle Java
Before Java 8 Update 151: For Java 8 Update 144 and earlier, you need to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy files:
Java 8 Update 151 and higher: The Unlimited Strength Jurisdiction Policy is included but not used by default. To enable it, you need to edit the crypto.policy=unlimited
Java 9: Should be enabled by default.
OpenJDK: Should be enabled by default.
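To check which key length a given JVM will actually permit, the following added example (not part of Sesam or its documentation) queries the JCE policy and runs a test encryption with the largest permitted key. AES in GCM mode is an assumption, since this page does not state which cipher Sesam uses, and the class name JcePolicyCheck is hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;

// Added example, not Sesam code: reports which AES key length this JVM permits.
public class JcePolicyCheck {

    // Returns 256 if the unlimited policy is active, otherwise 128 (the fallback size).
    static int usableAesKeyBits() throws GeneralSecurityException {
        // Integer.MAX_VALUE means unlimited; 128 means the limited policy is in effect.
        int max = Cipher.getMaxAllowedKeyLength("AES");
        return max >= 256 ? 256 : 128;
    }

    // Encrypts and decrypts a constructed sample to prove the key size really works.
    static boolean roundTrip(int keyBits) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(keyBits);
        SecretKey key = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        byte[] plain = "constructed-sample-secret".getBytes(StandardCharsets.UTF_8);

        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding"); // cipher mode is an assumption
        enc.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = enc.doFinal(plain);

        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
        return Arrays.equals(plain, dec.doFinal(ct));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        System.out.println("java.version  = " + System.getProperty("java.version"));
        // null means the property is not set in the JVM's security configuration.
        System.out.println("crypto.policy = " + Security.getProperty("crypto.policy"));
        int bits = usableAesKeyBits();
        System.out.println("usable AES key = " + bits + " bit, round trip ok = " + roundTrip(bits));
        if (bits < 256) {
            System.out.println("Limited policy active: Cipher.init rejects 256-bit keys.");
        }
    }
}
```

Run it with the same Java installation that runs Jira, because the jurisdiction policy is a property of the individual JVM.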
The Sesam plugin adds a new global Jira permission during installation. This global permission controls which Jira users/groups have general access to the Sesam plugin.
Only Jira users/groups who have the global permission assigned can access Sesam.
By default, the global Sesam permission is initially assigned to the following Jira groups (if they exist):
Global Jira permissions can be managed as described in https://confluence.atlassian.com/adminjiraserver079/managing-global-permissions-950288425.html.
In order to access the passwords, a user needs to provide the Master Password. This password is used to decrypt the user's protected passwords.
DO NOT FORGET YOUR MASTER PASSWORD. In order to decrypt the stored password information, at least one Sesam user needs to be logged in. If no user remembers the Sesam password, encrypted password information may be lost permanently.
When Sesam is opened the first time, the user can set the Master Password.
We highly recommend using a secure password that is not used anywhere else. Keep in mind that this single password protects the whole password database.
The master password can also be changed in the preferences.
Sesam allows users to reset their master password.
Attention: There is a risk of losing personal private passwords when resetting the master password with this workflow.
Resetting your master password is easy: you can request a reset on the Sesam login screen by clicking the "Forgot password?" link.
An e-mail will be sent to the address specified in your JIRA profile. Simply follow the link in the e-mail.
NOTE: The reset link in the e-mail is only valid for 30 minutes.
You will be guided to a site where you can enter a new master password.
A group can contain a number of passwords and subgroups.
Groups can be used to structure password information and to set the corresponding permissions.
For each group the following permission options can be set:
All of the above permission options can be set either with specific JIRA users or with JIRA groups that are most probably already in place in your JIRA instance.
Groups can be managed via the context menu of the corresponding entry in the group tree.
A password entry contains the following attributes:
In contrast to the shared groups, the private space called "My Passwords" cannot be shared with others and is designed to contain personal passwords.
Those passwords are encrypted in a different way than the shared passwords and will also not be part of any export. Therefore, nobody (not even administrators) has access to this information.
NOTE: Since there is no way to access those passwords other than by entering the corresponding master password, they can NOT be recovered if the master password is lost.
In order to share a password with a third party (someone who has no access to your JIRA instance) Sesam provides an external share feature.
A link can be generated that reveals the corresponding password for a defined time period and, optionally, only a single time (one-time-share).
NOTE: This feature offers a more secure and better controllable way to share passwords over insecure channels (like email or chat) than sending them directly in plain text. However, we highly recommend updating the password every time it has been shared with third parties.
The shared passwords are still securely stored in the database; the password information can only be accessed by possessing the share link.
To share a password simply click the "Share" button on the password page.
This will open the share dialog, which allows you to configure the password share.
The following options can be configured:
By clicking on the "Share" button, the password share will be created. The share link will be displayed and can be copied directly by using the copy-to-clipboard button.
The share link can be opened by anyone on the web, since the share page is public. When opening the share page, a countdown will be displayed, which counts down the time until the share expires.
The password information will be loaded after clicking the "Decrypt" button. For One-Time-Shares this can be done only once, afterwards the share link will be invalid.
By default, the password information includes the account and password. If the option for sharing additional fields was selected, the additional fields will also be displayed (if they are not empty).
The password can be viewed in plain by clicking on the view button (the "eye" icon). However, it is also possible to directly copy the password by clicking on the copy-to-clipboard button in which case it is not necessary to view the password in plain at all.
Sesam allows you to view and delete your active password shares. You can do this by selecting the tab Shared passwords on the Preferences site.
All your active password shares are displayed in a paginated table. The share name of each entry is a link to the corresponding share page.
By clicking the Delete button the password share will be immediately deleted.
The table can also be filtered for specific passwords or groups by simply entering the password/group name in the filter search field.
By clicking on Reset, the current filter selection will be deleted, thus showing all results again.
While each user can manage their personal shares, Jira admin users can additionally manage password shares for all users.
Sesam automatically adds a new activity provider to the Jira Activity Stream.
This allows you to view recent Sesam activity in your Activity Stream dashboard widget.
You can also customize your dashboard widget by applying optional filters, for example to list only activities of a certain group or password, or to restrict the entries to a specific set of activity types.
In addition, you can also view your personal Sesam activity in your Jira profile page.
You can view recent user activity on the Recent Activity page. This page can be accessed directly from the Jira menu or by viewing the Preferences site.
The content of this page is a list of recent user activity with optional filters. By default, only the last 5 entries are displayed; click on Show more to view additional entries.
The following filter options are supported:
In order to apply the filter option click on the Filter button. The filter options can be reset by clicking on the Reset button.
You can only see the activity of passwords and groups to which you have at least read access.
Sesam provides the ability to link a password within a JIRA issue.
This can simply be done by opening the issue, then clicking the menu entry "More" - "Link". In addition to the default tabs, there is now an additional Sesam tab. After selecting the tab, the password search field can be used to search a password within Sesam.
NOTE: You can only link passwords for which you have at least Read permissions.
Simply select the password in the search and click on "Link" to finish linking the password to the issue. Of course, multiple passwords can be selected and linked to the issue.
Linked Sesam passwords are displayed in the "Issue Links" section. Clicking on the password link directly forwards to the Sesam password detail view, where the password can directly be copied to the clipboard.
JIRA-Administrators have access to the "Administration" tab in the preferences.
The general settings page can be used by administrators to configure global Sesam settings.
A list of all top-level groups in the company space. Admins can edit or delete any company container via this user interface.
NOTE: Private groups and passwords of other users cannot be maintained by JIRA-Administrators.
JIRA Admins have access to the Backup & Restore feature. A Backup of all shared groups can be created on demand, including subgroups, passwords and associated data (e.g. tags).
We currently support the following file formats for backups:
We save the encrypted backups in the database, so we are able to restore any previously made backup on demand (see Restore Backups). Backups can also be downloaded by JIRA Administrators.
Downloaded Backups are in plain text, therefore, they need to be stored and handled with caution outside of Sesam.
Restoring a backup allows JIRA administrators to restore a previously backed up state of Sesam.
NOTE: Prior to any restore a backup of the current state will be automatically created, therefore, the restore can be rolled back.
Backups can be restored directly from the entry in the backups table.
Downloaded/exported backups are restored by uploading the backup file.
If you check the option "preserve associated password date" Sesam tries to preserve favorite passwords and the recent passwords for all users.