Configuration
The Tamper-Evident Audit Log is configured from the Admin page, accessible from the Jira project sidebar by users with project-admin or site-admin permissions.
Accessing the admin page
[Screenshot: Jira project sidebar showing the Attestsys admin page entry point.]
The admin page is a Forge project page embedded directly in Jira. It is accessible to:
- Jira site administrators
- Jira project administrators (for the specific project)
Regular Jira users can view the issue panel (signed history) but cannot access the admin page.
Admin page overview
The admin page shows:
- Chain status band: `Audit Chain INTACT · verified [timestamp] · [Verify now] · [Edition]`
- Summary cards: Last entry time, Retention period, Timestamping tier, Verified entry count, Exports used this month
- Recent activity: The 5 most recent audit entries across the workspace, with clickable links back to the source Jira issues
- Subscription section: Current edition and an Upgrade call-to-action
Retention policy
| Edition | Retention |
|---|---|
| Free | 30 days |
| Standard | 1 year |
| Advanced | Unlimited |
| Enterprise | Custom (typically 7+ years) |
Retention is enforced automatically. Entries beyond the retention limit are replaced with signed redaction markers; the chain continues to verify and the redaction is itself recorded as a chain entry.
⚠️ MANUAL REVIEW REQUIRED: The exact retention enforcement schedule (daily purge job timing, timezone alignment) should be confirmed against the backend implementation before publishing this page.
Timestamping tier
| Edition | Timestamping |
|---|---|
| Free | FreeTSA (non-qualified RFC 3161, clearly labelled) |
| Standard | FreeTSA by default; QTSP-backed qualified timestamps available as optional upgrade |
| Advanced | QTSP-backed qualified timestamps mandatory (QuoVadis Trustlink B.V. NL primary, GlobalSign nv-sa secondary) |
| Enterprise | QTSP-backed qualified timestamps; tenant-selectable QTSP from EU Trusted List shortlist |
Verifying the chain
Click Verify now on the admin page to run a full chain verification on demand. The verification:
- Checks every entry's ECDSA signature against the tenant's signing public key
- Checks every entry's hash chain linkage (`prev_hash` matches SHA-256 of the previous entry's signed payload)
- Accumulates all failures; it does not stop at the first broken link
- Reports the total verified count and any failures
The result is shown in the chain status band. A full verification across a large chain may take a few seconds.
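The two checks listed above, written out as an added Node.js example (not the app's own code). The entry layout (a JSON `payload` string carrying `prev_hash`, plus a base64 `signature`), the all-zero genesis value, the P-256 curve and all function names are assumptions made for illustration.

```javascript
// Added example: entry layout, field names other than prev_hash, and the
// all-zero genesis value are assumptions, not the app's actual format.
const nodeCrypto = require('node:crypto');

const GENESIS = '0'.repeat(64); // assumed prev_hash of the first entry
const sha256Hex = (s) => nodeCrypto.createHash('sha256').update(s).digest('hex');

// Build one entry: the payload embeds prev_hash and is what gets signed.
function appendEntry(chain, event, privateKey) {
  const prev = chain.length ? sha256Hex(chain[chain.length - 1].payload) : GENESIS;
  const payload = JSON.stringify({ seq: chain.length, prev_hash: prev, event });
  const signature = nodeCrypto.sign('sha256', Buffer.from(payload), privateKey).toString('base64');
  chain.push({ payload, signature });
}

// Check every entry; collect failures instead of stopping at the first one.
function verifyChain(chain, publicKey) {
  const failures = [];
  let verified = 0;
  let expectedPrev = GENESIS;
  chain.forEach((entry, i) => {
    const before = failures.length;
    const sig = Buffer.from(entry.signature, 'base64');
    if (!nodeCrypto.verify('sha256', Buffer.from(entry.payload), publicKey, sig)) {
      failures.push({ index: i, reason: 'bad_signature' });
    }
    let prevHash = null;
    try { prevHash = JSON.parse(entry.payload).prev_hash; } catch { /* unparsable payload */ }
    if (prevHash !== expectedPrev) failures.push({ index: i, reason: 'broken_link' });
    if (failures.length === before) verified += 1;
    // Link the next entry to the bytes actually stored, tampered or not.
    expectedPrev = sha256Hex(entry.payload);
  });
  return { total: chain.length, verified, failures };
}

// Constructed demo: a throwaway P-256 key and three sample events.
function demo() {
  const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const chain = [];
  ['issue created', 'status changed', 'assignee changed'].forEach((e) => appendEntry(chain, e, privateKey));
  const intact = verifyChain(chain, publicKey);
  // Tamper with the middle entry without re-signing it.
  chain[1].payload = chain[1].payload.replace('status changed', 'status reverted');
  const tampered = verifyChain(chain, publicKey);
  return { intact, tampered };
}
```

Editing one stored payload produces two findings: the edited entry fails its signature check, and the following entry fails its linkage check because its `prev_hash` no longer matches.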
Exporting evidence bundles
Click Download Evidence Bundle to generate and download the current signed chain as a ZIP. See Evidence Bundle Export for full details on bundle contents and offline verification.
On the free tier, a maximum of 10 exports are allowed per calendar month. The admin page shows the current count and reset date.
Permissions reference
⚠️ MANUAL REVIEW REQUIRED: The exact Forge permission scopes required by the app should be confirmed from the Forge manifest (`manifest.yml`) before publishing this section. The list below is based on the current scope of implemented features.
The app requests the following Jira scopes:
| Scope | Reason |
|---|---|
| `read:jira-work` | Read issue data for the signed history panel |
| `read:jira-user` | Resolve Jira user display names for audit entries |
| `write:jira-work` | (if applicable; confirm from manifest) |
All data processing is governed by the Data Processing Agreement and Privacy Policy.