How to Use Secure Info Documentation

Note: This app currently does not support team-managed(next-gen) projects.

Note: If you add or edit a comment, you will have to press the “Update Messages” button and refresh the page to secure the message.

 

Secure Info App User Interface:

Secure Info Admin Page

 

1. Granting Users Access To Secure Info App

After installing the app, you can go to a specific issue where you want to secure info and look the Secure Info app.

Clicking on an issue for a project will automatically create a new project role called “Secure Info Admins“. Someone with project admin permissions will need to assign users to have this role to enable them to use secure info. All users without access to secure info will only see this screen:

To access secure info, simply go to Project > Project Settings > People. Click on the user you want to grant access to and check the Secure Info Admins role. Note that any user given the Secure Info Admin role will be able to edit ALL comments within the project. Alternatively, if they have not yet been added to People, click Add people and select the Secure Info Admins role.

Once a user has access, they can see the secure info app, which will look like this:

2. Add Secure Message

To secure information, simply press the button labelled “Add Secure Message”. A pop-up window will appear, where you can add information you want to hide.

Input the information you would like to hide in the Message Content text field and the text you would like to replace it with in the Message Name field. You will need to input a value for both fields. Ensure neither the content nor name is duplicated from a pre-existing Message in the current issue. Then, press submit and the information will be added to the table. Each issue will have its own unique secure info table.

Any comments or description that contains any “Content” from the table will be replaced by the corresponding “Name” surrounded by locks. You will need to press the “Update Messages“ button and reload the page. Only users with access to Secure Info will know what the content actually is. It will look like this:

3. Edit Messages

Once you have added a secure message and it appears on the table, you can edit the message. Click on the edit button to the message you want to change and a window will pop up. You can change the name, the content or both and click the Save button to save your changes. Again, make sure neither name nor content is duplicated from another message within the issue. You will need to press the “Update Messages“ button and reload the page to see the changes.

4. Deleting Messages

Note that “deleting messages” in Secure Info really means unsecuring secured info. If you want to remove messages from the comments they appear in, that needs to be done manually. If you would like to delete messages, there are two ways of doing so. You can either check each entry you want to delete and press the “Delete Selected” button, or you can press the “Delete All” button to remove all secure info. Deleting a message will revert any locked content back to the text displayed under content. For example, when the row containing WebsitePassword and Password is deleted, all instances of 🔒WebsitePassword🔒 will be replaced by Password in the comments.

 

5. View Changes In Comments And Description

To see the changes show up after adding, editing or deleting secure information, you will need to refresh the page. If you add or edit a comment to have secure info, you will need to press Update Messages before refreshing the page.

 

6. Search for Secured Info

You can search for secured info in the table and filter the results that appear. Simply enter what you want to search in the search bar, and the table will show entries that contain the message in either of the Name or Content. It is also case insensitive, so searching for test and TEST will yield the same results. To clear the search filter, simply delete all text from the search bar and press the Search button or refresh the page. In the example below, the row with WebsitePassword no longer appears, as the search term is Phone.

7. Scan for Sensitive Info

 

If you have Google DLP setup, you can use this button, otherwise a popup will show that you cannot.

Go down to the section titled “Google DLP” for information on how to set it up.

Clicking the button will scan for information that needs to be secured. It will search for the types that have been specified in the admin page. If there are none specified, the Google DLP will still search for some types by default. Once Google DLP finishes scanning, a pop-up will show of content it has found which you may want to secure. In the example below, it has found an email and a phone number. You can then choose which content to secure, if any and click the “Save” button. Click on “Update Messages” and refresh the page to see the changes.

8. Google DLP

Note that the app is in beta and Google DLP may not work for complicated comments.

In order to use Google DLP, a Google cloud console project must be setup, and project and API keys obtained. See Setup Google DLP

To setup Google DLP API, go to Settings > Apps > Secure Info Admin Page

You will need to have Google DLP or set it up to use this feature. Once you have Google DLP, click on “Setup Google DLP API” and enter your Google DLP Project key and Google DLP API token. Click “Submit Info”.

You can verify if it worked by clicking on “CheckGoogle DLP API and SecureInfo Status”. To choose which types of sensitive information you want Google DLP to look for, choose from the dropdown underneath types. You can add multiple at once. Click on “Add InfoTypes” after you are done selecting. The info types will show up in the table. You can remove them individually by clicking “Remove” or check a checkbox next to all the ones you want to remove and click on “Remove Selected”.