diff --git a/backend/src/services/jiraService.js b/backend/src/services/jiraService.js
index ceb89f5..f854941 100644
--- a/backend/src/services/jiraService.js
+++ b/backend/src/services/jiraService.js
@@ -12,6 +12,10 @@ function getRequiredEnv(name) {
   return value;
 }
 
+function oauthKey(accountId) {
+  return `oauth.${accountId.replaceAll(':', '_')}`;
+}
+
 function getExpiresAt(expiresInSeconds) {
   if (!expiresInSeconds) return null;
   return Date.now() + (Number(expiresInSeconds) - 60) * 1000;
@@ -114,7 +118,7 @@ export async function saveOAuthConnection(tokenPayload) {
     expiresAt: getExpiresAt(tokenPayload.expires_in)
   };
 
-  await kvOAuth.put(`oauth.${profile.accountId}`, JSON.stringify(connection));
+  await kvOAuth.put(oauthKey(profile.accountId), JSON.stringify(connection));
 
   return { connection, profile };
 }
@@ -152,12 +156,12 @@ async function refreshAccessToken(connection) {
     expiresAt: getExpiresAt(refreshed.expires_in)
   };
 
-  await kvOAuth.put(`oauth.${connection.jiraAccountId}`, JSON.stringify(updated));
+  await kvOAuth.put(oauthKey(connection.jiraAccountId), JSON.stringify(updated));
   return updated;
 }
 
 async function getValidConnection(jiraAccountId) {
-  const entry = await kvOAuth.get(`oauth.${jiraAccountId}`);
+  const entry = await kvOAuth.get(oauthKey(jiraAccountId));
   if (!entry) throw new Error('Jira is not connected for this account.');
 
   const connection = entry.json();