S/Notify Overview

The following is intended to provide you with an overview of how S/Notify is integrated in Atlassian Jira, Atlassian Confluence and Atlassian Bitbucket, and how it works to support email encryption.

Standard Unprotected

The following diagram illustrates a standard Jira, Confluence or Bitbucket instance that does not protect outgoing or incoming emails. Even with TLS transport encryption between mail servers, there is no real end-to-end encryption. Emails stored on mail servers are in clear text, thus not protected in case of an attack or data leak. Note that emails are unprotected also on the users' computers.

End-to-end Protection with S/Notify

Outbound Email

With the S/Notify Email Encryption app installed, outgoing email can be easily encrypted. Through either S/MIME or PGP encryption, real end-to-end encryption is applied. Even in case of a mail server attack or data leak, the emails can never be decrypted without the recipient’s private key.

The users' S/MIME certificates or PGP keys can be retrieved from LDAP servers, PGP key servers, PKCS#7 key bundles, or GPG key rings, whatever fits best in the given environment.

In addition to encryption, it is possible to sign all outgoing emails to prove their authenticity to the recipients.

Inbound Email

In Jira and its variations, including Jira Service Management, S/Notify allows for protection of inbound email through encryption. Incoming S/MIME or PGP encrypted email is automatically decrypted.

In addition to the email decryption, any S/MIME certificate or PGP key can be extracted to immediately start encrypting any outgoing email to the sender. This allows for automatic encryption setup for enabled users and is particularly useful with Jira Service Management.


The S/Notify Email Encryption apps are brought to you by savignano software solutions, a small yet savvy IT solutions company in Germany. Click here for legal information.