When to Use
- Automated error comment cleanup: A workflow posts an error comment due to a transient system fault. After the fault clears and the workflow corrects itself, it removes the erroneous error comment to avoid confusing engineers with stale error information.
- GDPR personal data removal: A data erasure workflow identifies comments that contain the subject's personal data, archives them, and deletes them from Jira to comply with right-to-erasure requirements.
- Duplicate comment removal: A retry mechanism accidentally posted the same comment twice. After detecting the duplicate (by comparing body text), the workflow deletes the newer duplicate to keep the issue timeline clean.
- Sensitive data exposure remediation: An automation inadvertently posted a comment containing a password or secret. The security workflow immediately deletes the comment and posts a replacement with the sensitive data redacted.
- Test environment cleanup: In a test Jira project, a post-test workflow removes all comments posted by the automation service account to return the project to a clean state between test runs.
Configuration
Connection
| Field | Required | Description |
Host | Required | Jira instance base URL. Example: https://acmecorp.atlassian.net |
Email | Required | Atlassian account email. Example: automation@acmecorp.com |
ApiToken | Required | API token from Atlassian security settings. Store in Credentials Manager. |
Operation Fields
| Field | Required | Description |
IssueKey | Required | The key of the issue containing the comment. Example: PROJ-123. |
CommentId | Required | The numeric ID of the comment to delete. Example: "10281". Deletion is permanent and irreversible. |
Prefer update over delete for corrections: If you need to correct a comment's content, use comment/update instead of deleting and recreating. Deletion removes the activity stream entry, which can create gaps in audit trails. Only delete when removal is explicitly required (e.g. GDPR erasure, accidental secret exposure).
Sample Configuration
{
"resource": "comment",
"operation": "remove",
"Host": "https://acmecorp.atlassian.net",
"Email": "automation@acmecorp.com",
"ApiToken": "{{ $credentials.jiraApiToken }}",
"IssueKey": "{{ $json.issueKey }}",
"CommentId": "{{ $json.errorCommentId }}"
}
Validation Errors
| Error Code | Cause |
VAL_MISSING_ISSUE_KEY | IssueKey is empty or null. |
VAL_MISSING_COMMENT_ID | CommentId is empty or null. |
COMMENT_NOT_FOUND | No comment exists with the given ID on this issue. |
PERMISSION_DENIED | The API token user is not the comment's author and does not have admin permission to delete others' comments. |
AUTH_FAILED | Invalid credentials or expired API token. |
Output Fields
| Field | Type | Description |
status | string | "success" or "error" |
commentId | string | ID of the deleted comment. |
deleted | boolean | true if the comment was successfully deleted. |
resource | string | Always "comment" |
operation | string | Always "remove" |
Sample Output
{
"status": "success",
"commentId": "10281",
"deleted": true,
"resource": "comment",
"operation": "remove"
}
Expression Reference
| Expression | Type | Example Value | Use |
{{ $output.removeComment.deleted }} | boolean | true | Confirm deletion before logging |
{{ $output.removeComment.commentId }} | string | "10281" | Record deleted comment ID in audit log |
Node Policies & GuardRails
- Log before deleting: Before calling
comment/remove, call comment/get and log the full comment body and author to a secure audit collection. This provides evidence of what was removed.
- Author-only by default: Only the comment's original author can delete it unless the API user has Jira admin privileges. Use the same service account for comment creation and removal.
- Deletion is immediate and permanent: There is no recycle bin for Jira comments. Once deleted, the content cannot be recovered via the API.
Workflow Example — Sensitive Data Remediation
// Step 1: Security scanner detects comment with exposed credentials
// Step 2: comment/get — read comment content for archival
// Step 3: MongoDB/insert — archive redacted evidence
// Step 4: comment/remove — delete the sensitive comment
{
"resource": "comment",
"operation": "remove",
"IssueKey": "{{ $json.issueKey }}",
"CommentId": "{{ $json.sensitiveCommentId }}"
}
// Step 5: comment/add — post replacement comment
{
"IssueKey": "{{ $json.issueKey }}",
"Body": "SECURITY NOTICE: A comment containing sensitive information was automatically removed at {{ $now }}. Please do not post credentials or secrets in Jira comments. Contact security@acmecorp.com if you have questions."
}
// Step 6: Slack/postMessage — alert security team