In Exalate 4.x, there is no need to share access credentials anymore, even if your instance requires authentication.
Starting from 4.0.0 version in the Exalate app for JIRA Server, 4.1.0 in the Exalate app for JIRA Cloud and 2.0.0 in the Exalate app for HP QC/ALM, Exalate is using a new security approach.

Below you can find answers to the most common security questions.

 What if the invitation was sent to the wrong person - could it be applied?

No, the invitation could be applied only to the invited side. It includes an Invitation code that helps to secure Connection data.  

 What infomation is exchanged with the other side?

Once the Connection set-up is finished, Exalate generates the shared secret. The secret is used to define a secure connection between both Instances.

It is shared only once to generate a JWT token. The token is temporary and is generated for every communication request between Exalate on both Instances.

The following information is exchanged between Instances:

  • shared secret;
  • information about the type of the connection with the Destination instance;
  • Connection name;
  • information about the Connection initiator
    • Exalate app version, including supported features
    • Instance type and version ( JIRA Server, JIRA Cloud or HP QC/ALM)
    • Instance URL and Exalate URL
    • Instance UID, which is a unique instance identifier
 How is the data transfer secured?

The JWT token generates on every communication request between Instances. It authenticated the request so the destination side can be sure they are getting data from the expected Instance.

 What information is stored locally?

Instance URL, Instance version, Exalate URL, a unique instance identifier.

 How the connection is secured and authenticated between the Exalate app for Jira Cloud and Jira Cloud Instance?

For more details check Atlassian security overview.

 How the connection is secured and authenticated between the Exalate app for HP QC/ALM and HP QC/ALM Instance?

On the configuration stage of the Exalate app for HP QC/ALM you need to specify HP QC /ALM Instance(issue tracker) user and password. The credentials are used to communicate with the HP QC/ALM Instance.

See Also

How is the data secured on the Exalate server for Jira Cloud?


private / public issue synchronization