Wall off sensitive Jira projects from AI agents
Security, legal, and HR projects share the same Jira as your sprint board. Keep agents from reading or writing them, and redact whatever still comes back.
For: Teams running AI on Jira with confidential projects in the same instance
Your security, legal, and HR projects sit in the same Jira instance as everything else. Incident-response, legal-hold, and HR-investigation work lives next to the sprint board, and an agent with Jira access sees all of it. Ask it to "summarize open issues" and the active security incident is in scope too.
The control is project-scoped and covers both ways into an issue. deny-view-search-sensitive-projects blocks the read side: it denies the two paths a caller has to reach an issue — fetching it directly by key, and JQL search — matched by project key, so the content never reaches the model context. The write side is handled by deny-write-sensitive-projects, which stops an agent from creating, commenting on, or transitioning issues in those projects.
Whatever still comes back — including a summary the agent built from issue content it was allowed to read — runs through redact-sensitive-info, which masks secrets and PII before the response reaches the caller. The read and write policies each carry their own sensitive-project list, so set the same projects in both to keep the fences aligned. The atlassian bundle collects the curated set.
Policies in this guide
JIRA: Deny Sensitive Project Search and View
Keeps issues that belong to a configurable set of "sensitive" JIRA projects out of read access through the JIRA MCP server.
JIRA: Protect Sensitive Projects from Writes
Blocks write operations against issues that belong to a configurable set of "sensitive" JIRA projects.