Configuring UPM app signature check

In 2025, Data Center products are rolling out a useful feature that lets you verify the integrity and origin of apps and app files using a digital signature.  

This enhancement not only aims to securely re-enable the app upload feature but also improves security overall, as Marketplace apps will now need to come with a signature too.

To learn more about this feature, explore the latest CDAC post.

This document explains how to configure the app signing feature and how its enablement can change UPM's behavior.

UPM version differences in configuration 

When app signing was introduced in UPM 7.1, it was disabled by default, allowing Data Center products to run as usual without any configuration changes.

Starting with UPM 8.0, the feature is enabled by default for all new app installations. This means that to keep installing new apps, you must either configure the location of the trust store folder or disable the app signing feature.

The table below lists the UPM version bundled with major Data Center product versions (some of them are not released yet).

| Product | UPM 7.1.x | UPM 8.0.0 and later |
|---|---|---|
| Bamboo | 11 and earlier | 12 and later |
| Bitbucket | 9 and earlier | 10 and later |
| Confluence | 9 and earlier | 10 and later |
| Crowd | 6 and earlier | 7 and later |
| Jira | 10 and earlier | 11 and later |

Configuration resources

The app signature check requires the following resources to work: 

  1. Configuration properties. UPM uses properties to enable or disable the feature, and offers the ability to do this for all apps, or depending on the app’s origin. 
  2. The trust store folder that contains trusted certificates.

If the trust store folder is empty while the app signing feature is enabled, new apps won’t be installed due to a signature check failure.

Configuration resources location

Location properties

UPM uses system properties to locate its configuration and resources. These properties depend on the version and have default values listed in the following table.

| System property | UPM 7.1 | UPM 8.0 | Default value |
|---|---|---|---|
| atlassian.upm.configuration.directory | Location of the configuration directory | Location of the configuration directory | upmconfig |
| atlassian.upm.configuration.file | ignored | Location of the optional configuration file | upmconfig/upm.properties |
| atlassian.upm.truststore.directory | ignored | Location of the trust store folder where the certificates are stored | upmconfig/truststore |

The default values for the file and trust store system properties are set to ensure backward compatibility; if you have a running configuration for UPM 7.1, then UPM 8.0 will pick it up without any change.

The resource locations are displayed on the Manage apps and Trusted Certificates pages in the admin panel. This can be a convenient way to find the default locations when no system property is set.

In UPM 8.0, the configuration file property can be set to target any file, including the main product’s configuration file, allowing centralization of all the configuration in a single place.

If you decide to do that, the file will have to comply with UPM’s safety checks.

Location resolution

The actual location of a configuration resource is resolved from the system property value as follows: 

  1. If this value is an absolute path, then it is used as is.
  2. If the value is a relative path, then it is resolved relative to the first of these that applies:
    • the product’s Shared home directory if it is defined
    • the product’s home directory if it is defined
    • the current directory (depends on the running process)

Resolving the UPM configuration folder location

| atlassian.upm.configuration.directory system property | Shared home | Home | Resulting location |
|---|---|---|---|
| not specified | not specified | not specified | [current folder]/upmconfig |
| custom_loc | not specified | not specified | [current folder]/custom_loc |
| not specified | /var/atlassian/shared | /var/atlassian/home | /var/atlassian/shared/upmconfig |
| not specified | not specified | /var/atlassian/home | /var/atlassian/home/upmconfig |
| custom_loc | /var/atlassian/shared | /var/atlassian/home | /var/atlassian/shared/custom_loc |
| custom_loc | not specified | /var/atlassian/home | /var/atlassian/home/custom_loc |
| /var/atlassian/custom_loc | /var/atlassian/shared | /var/atlassian/home | /var/atlassian/custom_loc |




Resolution of the configuration file and the trust store folder

  • UPM 7.1: Both are resolved relative to the UPM configuration directory, which you can specify using the atlassian.upm.configuration.directory system property.
  • UPM 8.0: The configuration file and the trust store folder can be resolved independently.

The configuration file resolution

  • UPM 7.1: Assuming that the configuration directory is resolved to /upm/configuration/directory, the configuration file is resolved to /upm/configuration/directory/upm.properties.
  • UPM 8.0: The configuration file is resolved from the value of the atlassian.upm.configuration.file system property.

The trust store folder resolution

  • UPM 7.1: Assuming that the configuration directory is resolved to /upm/configuration/directory, the trust store folder is resolved to /upm/configuration/directory/truststore.
  • UPM 8.0: The trust store folder is resolved from the value of the atlassian.upm.truststore.directory system property.

If the atlassian.upm.configuration.directory system property is set to a non-null value, then UPM 8.0 will use it as UPM 7.1 would have.


Configuration properties

Configuration properties are read from different sources depending on UPM’s version: 

  • In UPM 7.1, properties are read from the UPM configuration file. If they exist, the configuration file and the trust store must be located in the same folder. If the configuration file is missing, the default configuration is applied (that is, the feature is disabled).
  • In UPM 8.0 and later, the configuration properties can be read from one of the following:
    • configuration file (if present)
    • system properties (if the configuration file is missing) 

If no properties are found, the default configuration is applied (that is, the feature is enabled, using the default trust store location resolved as explained before). The location of the optional configuration file and the trust store can be set separately. 

UPM 8.0 is fully compatible with UPM 7.1 configuration and settings, but it offers more flexible ways of achieving the desired result.

The table below describes the supported configuration properties.

Key / Description

atlassian.upm.signature.check.enabled

This property is deprecated in UPM 8.0.


Enables the feature

  • if defined and equal to true, the feature is enabled
  • if defined and not equal to true, the feature is disabled
  • if not defined, UPM will look for atlassian.upm.signature.check.disabled property

atlassian.upm.signature.check.disabled

Disables the feature

  • if defined and equal to true, the feature is disabled
  • if defined and not equal to true, the feature is enabled
  • defaults to: 
    • true in UPM 7.1 (the feature is disabled by default)

    • false in UPM 8.0 (the feature is enabled by default)

atlassian.upm.signature.check.upload.disabled

Disables app signature check for uploaded apps

This applies if the feature is globally enabled:

  • if defined and equal to true, the feature is disabled for uploaded plugins
  • if defined and not equal to true, the feature is enabled for uploaded plugins
  • if not defined, defaults to false

atlassian.upm.signature.check.marketplace.disabled

Disables app signature check for apps installed from the Marketplace

This applies if the feature is globally enabled:

  • if defined and equal to true, the feature is disabled for Marketplace plugins
  • if defined and not equal to true, the feature is enabled for Marketplace plugins
  • if not defined, defaults to false

atlassian.upm.signature.check.directory_scanner.disabled

Disables app signature check for apps installed by the PIP directory scanner

This applies if the feature is globally enabled:

  • if defined and equal to true, the feature is disabled for scanned apps
  • if defined and not equal to true, the feature is enabled for scanned apps
  • if not defined, defaults to true (the file system is considered safe)

atlassian.upm.signature.check.self_update.disabled

Disables app signature check for UPM self-installation.

This applies if the feature is globally enabled:

  • if defined and equal to true, the feature is disabled for UPM self-update
  • if defined and not equal to true, the feature is enabled for UPM self-update
  • if not defined, defaults to false

atlassian.upm.truststore.directory

This property is available only in UPM 8.0.

An alternate way to set the location of the trust store folder.

This might look a bit complex, but the intent is to minimize the configuration effort and make it explicit:

  • In UPM 7.1, the feature is disabled by default, and the admin has to enable it.

  • In UPM 8.0, the feature is enabled by default, and the admin will have to take action to disable it.

In UPM 8.0, the easiest way to disable the feature is to set the atlassian.upm.signature.check.disabled system property to true.
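
The property rules above, worked through as an added Python example (this is not Atlassian's code; the function names are hypothetical). It assumes values are compared to the exact string "true" after trimming, and that in UPM 8.0 an existing configuration file replaces system properties entirely, which is a literal reading of this page.

```python
PREFIX = "atlassian.upm.signature.check."

# Per-origin default for "<origin>.disabled" when the key is not defined.
ORIGIN_DISABLED_DEFAULT = {
    "upload": False,
    "marketplace": False,
    "directory_scanner": True,  # the file system is considered safe
    "self_update": False,
}


def is_true(value):
    # Assumption: only the literal string "true" counts as true.
    return value is not None and value.strip() == "true"


def effective_properties(upm_major, file_props, system_props):
    """Pick the property source; file_props is None when no file exists."""
    if upm_major < 8:
        # UPM 7.1 reads the configuration file only.
        return dict(file_props or {})
    # UPM 8.0 and later: the file if present, otherwise system properties.
    return dict(file_props if file_props is not None else system_props)


def globally_enabled(upm_major, props):
    """Apply 'enabled' first, then 'disabled', then the version default."""
    enabled = props.get(PREFIX + "enabled")
    if enabled is not None:
        return is_true(enabled)
    disabled = props.get(PREFIX + "disabled")
    if disabled is not None:
        return not is_true(disabled)
    return upm_major >= 8  # disabled by default in 7.1, enabled in 8.0


def check_applies(upm_major, origin, file_props=None, system_props=None):
    """True if an app arriving via `origin` must pass the signature check."""
    props = effective_properties(upm_major, file_props, system_props or {})
    if not globally_enabled(upm_major, props):
        return False
    value = props.get(PREFIX + origin + ".disabled")
    if value is None:
        return not ORIGIN_DISABLED_DEFAULT[origin]
    return not is_true(value)
```

Under these rules an untouched UPM 8.0 instance checks uploaded, Marketplace and self-update installs but not apps picked up by the directory scanner.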


Safety check for configuration file and trust store permissions

The configuration file (if it exists) and trust store must meet some permissions and ownership requirements: 

  • The user running the product must NOT own the configuration file, the truststore folder, or any file or folder it contains.
  • The user running the product must NOT have write privileges on the configuration file, the truststore folder, or any file or folder it contains.

If UPM’s safety check detects that these conditions are not met when installing an app, the installation will fail, a warning message will be logged, and an audit log entry will be added.

Examples

We assume the product is run by the user product, a member of the users group on a Linux system.

The following folder would pass the safety check:

  • all files have 644 / rw-r--r-- permissions, they are only writable by the config user
  • all folders have 755 / rwxr-xr-x permissions (x is required for the folder content to be readable by the group members)

ls -Rl
total 0
drwxr-xr-x@ 4 config users  128 Oct 18 11:27 upmconfig

upmconfig
total 8
drwxr-xr-x@ 8 config  users  256 Oct 18 11:27 truststore
-rw-r--r--@ 1 config  users   70 Oct 21 15:58 upm.properties

upmconfig/truststore:
total 48
-rw-r--r--@ 1 config  users  664 Oct 18 11:27 atl_intermediate_g1.crt
-rw-r--r--@ 1 config  users  652 Oct 18 11:27 atl_root_g1.crt
-rw-r--r--@ 1 config  users  519 Oct 18 11:27 fake_vendor_certificate.crt
-rw-r--r--@ 1 config  users  519 Oct 18 11:27 fake_vendor_expired_certificate.crt

This folder would fail the safety check:

  • the upm.properties file belongs to the product user
  • the product user has write privileges on the file atl_intermediate_g1.crt as a member of the users group

ls -Rl
total 0
drwxr-xr-x@ 4 config users  128 Oct 18 11:27 upmconfig

upmconfig
total 8
drwxr-xr-x@ 8 config  users  256 Oct 18 11:27 truststore
-r--r--r--@ 1 product users   70 Oct 21 15:58 upm.properties

upmconfig/truststore:
total 48
-rw-rw-r--@ 1 config  users  664 Oct 18 11:27 atl_intermediate_g1.crt
-rw-r--r--@ 1 config  users  652 Oct 18 11:27 atl_root_g1.crt
-rw-r--r--@ 1 config  users  519 Oct 18 11:27 fake_vendor_certificate.crt
-rw-r--r--@ 1 config  users  519 Oct 18 11:27 fake_vendor_expired_certificate.crt
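
A pre-flight audit for the two rules above, as an added Python example (not UPM's own check; the function names and the script name in the usage comment are hypothetical). It assumes plain POSIX mode bits decide write access and does not evaluate ACLs.

```python
import os
import pwd
import stat
import sys


def ids_for_user(name):
    """Look up the uid and every group id of the account running the product."""
    entry = pwd.getpwnam(name)
    return entry.pw_uid, set(os.getgrouplist(name, entry.pw_gid))


def audit_path(path, run_uid, run_gids):
    """Return the reasons `path` breaks the ownership and write rules."""
    st = os.stat(path)  # symlinks are judged by their target
    problems = []
    # POSIX picks exactly one permission class: owner, else group, else other.
    if st.st_uid == run_uid:
        problems.append("owned by the product user")
        write_bit = stat.S_IWUSR
    elif st.st_gid in run_gids:
        write_bit = stat.S_IWGRP
    else:
        write_bit = stat.S_IWOTH
    if st.st_mode & write_bit:
        problems.append("writable by the product user")
    return problems


def audit_tree(root, run_uid, run_gids):
    """Audit `root` and everything below it; map path -> list of problems."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    findings = {}
    for path in paths:
        problems = audit_path(path, run_uid, run_gids)
        if problems:
            findings[path] = problems
    return findings


if __name__ == "__main__":
    # Usage: python3 audit_upmconfig.py <upmconfig-dir> <product-user>
    uid, gids = ids_for_user(sys.argv[2])
    result = audit_tree(sys.argv[1], uid, gids)
    for path, problems in sorted(result.items()):
        print(f"FAIL {path}: {', '.join(problems)}")
    sys.exit(1 if result else 0)
```

Run against the second listing with the product user, it would report upm.properties as owned and atl_intermediate_g1.crt as writable through the users group.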



Configure app signature check

  1. Create an empty directory called upmconfig in the product’s home directory. For example, [jira-home]/upmconfig.
  2. Create an empty directory upmconfig/truststore.
  3. Download the certificates provided by Atlassian and copy them to the trust store directory you’ve just created.
  4. To apply a configuration that differs from the default settings:
    1. Create an upm.properties text file in the upmconfig directory.
    2. Add the desired configuration properties as described in the table above.
Examples of upm.properties file content

To enable app signature check with UPM < 8.0: 

atlassian.upm.signature.check.enabled=true

To disable app signature check with UPM >= 8.0.x:

atlassian.upm.signature.check.disabled=true

 5. Apply the required file permissions to the configuration folder.

The configuration folder must not belong to the user running the product, and all its content must be read-only for the user running the product.

Applying permissions on Linux and macOS
  • The product must be run by a regular user called product_user.
  • The configuration folder should be created by product_user.
  • There should be another user called admin, who is a member of the admingroup group, which can use privilege elevation commands (sudo).
  1. Open a terminal as admin, and go to the configuration folder’s parent: 
    cd [jira-home]/

  2. Take ownership of the configuration folder: 
    sudo chown -R admin:admingroup upmconfig 

  3. Make the files read-only for all users except the owner: 
    chmod 644 upmconfig/upm.properties upmconfig/truststore/*
     
  4. Make the folders readable and executable, but not writable, for all users except the owner: 
    chmod 755 upmconfig upmconfig/truststore

The folders need to be executable for the files they contain to be visible.


Applying permissions on Windows

The user running the DC application must NOT be an admin, and must NOT have administrator privileges to the file system. In this example, Jira is run on Windows by the Local Service account.

The user configuring the feature must either be an administrator or have administrator access to the file system.

  1. As an admin, take ownership of the configuration folder.
  2. Remove all permissions of the upmconfig directory. Windows will warn you that you'll lose access to the file and its content.
  3. Open a command (cmd) window as an admin.
    1. Navigate to the product’s home directory.
    2. Run the takeown /F upmconfig /R command. At this point, you should be prompted to accept replacing the directory permissions.
  4. As an admin, give the local service user permission to read the upmconfig directory and its content.

That’s all! After you restart the service, UPM will detect that its default configuration directory exists and read the properties file, enabling the signature check.

You can add new certificates to the truststore folder at any time, but they must NOT be writable by the user who is running the application. You can customize the location of the configuration folder by setting the atlassian.upm.configuration.directory system property as described previously on this page.

When everything is configured correctly, you’ll see the “Configuration check was successful” message.

 

If you see an error, refer to App signing troubleshooting.

Update configuration and certificates

Configuration

You can create or edit the configuration file while the product is running.

In UPM 8.0, the system properties are read only when the product starts, and the configuration read from the configuration file takes precedence over any other configuration. This means that if the feature is disabled using system properties, it can be enabled later by creating the configuration file with the appropriate values.

Certificates

If the feature is enabled, you can add the certificates at any time while the product is running.

Enable the feature with UPM 7.1

In UPM 7.1, the feature is disabled by default.

We assume the instance is running and no system properties were set.

  1. Create the UPM configuration folder at the default location as explained before.
  2. Add atlassian.upm.signature.check.enabled=true to the upm.properties file.
  3. Copy Atlassian certificates to the truststore directory.
  4. Set the correct file permissions, and make sure the user running the product isn't the owner of any file in the configuration folder.

Add certificates with UPM 8.0

In UPM 8.0, the feature is enabled by default, but there are no certificates.

  1. Create the UPM configuration folder at the default location as explained before.
  2. Copy Atlassian certificates to the truststore directory.
  3. Set the correct file permissions, and make sure the user running the product is not the owner of any file in the configuration folder.

Disable the feature with UPM 8.0

In UPM 8.0, the feature is enabled by default.

We assume the product is running and no system properties were set.

  1. Create the UPM configuration folder at the default location as explained before.
  2. Add atlassian.upm.signature.check.disabled=true to the upm.properties file.

Consequences on other UPM configuration

The app signing feature has been added to re-enable app installation by uploading files to the platform.

By default, the Upload app button was disabled in recent product versions, and administrators could re-enable it by setting the upm.plugin.upload.enabled system property to true.

The app signature check feature has an impact on this as shown in the following table.

| upm.plugin.upload.enabled system property value | App signature check feature | App upload feature |
|---|---|---|
| true | enabled | enabled |
| true | disabled | enabled with warnings |
| false | disabled | disabled |
| false | enabled | disabled |
| unspecified | enabled | enabled |
| unspecified | disabled | disabled |

Last modified on Jul 3, 2025
