Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Would your team use a tool to detect and redact secrets shared in Confluence pages?

johnsbucket
johnsbucket
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
July 5, 2025

In many orgs, credentials and secrets (API keys, tokens, passwords) accidentally end up in Confluence pages, comments, or file uploads.

 I’m exploring an AI tool that:

  • Scans content and attachments in Confluence for exposed secrets

  • Flags them with a summary (e.g., page, location, type of secret)

  • Suggests a redacted version of the page or attachment

  • Optionally lets you create a Jira issue to track remediation 

Would this solve a real pain point for your teams?

Have you ever had to clean up secret leaks in Confluence manually?

Would you want this as a background scanner with notifications, or something more interactive?

Appreciate any thoughts trying to validate before building.

Answer
Watch
Like # people like this
123 views

3 answers

2 votes
fzmuhammad
fzmuhammad
Contributor
July 5, 2025

This would be super useful. We've had to manually clean secrets from Confluence before, and it's a hassle. Auto-scanning with redaction suggestions and Jira integration sounds ideal. A background scanner with notifications would be the best fit, low friction, high impact. Solves a real problem.

Reply
1 vote
Staffan Redelius
Staffan Redelius
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 5, 2025

Hi @johnsbucket  and welcome to the Community!

I think this sounds interesting, are you thinking of building some kind of app doing this?

By your explanation it sounds like at least some of the features are included in the Atlassian Guard Premium subscription. Would your app add additional functionality or similar at a lower price?

https://www.atlassian.com/software/guard/guard-premium

Best regards,
/Staffan

View More Comments
johnsbucket
johnsbucket
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
July 5, 2025

Yes, I’m currently in the early validation phase exploring if this should be built as a Forge app, a Rovo agent, or something standalone with Atlassian API integration.

 

You’re right Atlassian Guard Premium does provide secret scanning in Bitbucket (and auditing across the org), but here’s how this tool could go beyond that:

 

1. Multi-product coverage (not just Bitbucket)

This agent would scan across:

  • Bitbucket commits and PRs
  • Confluence pages, attachments
  • Jira tickets and file uploads

2. Active secret validation

Instead of just regex matching, it would ping the secret (where safe) to check if it’s valid  reducing false positives.

 3. Suggested remediation

It wouldn’t just alert — it would:

  • Auto-generate PRs to remove/replace secrets from code
  • Suggest redactions for Confluence pages
  • Create Jira issues to track exposure and clean-up 

4. Human-in-the-loop control

All actions would require manual review so nothing gets auto-applied without confirmation.

The goal is to combine broader coverage, practical remediation, and lightweight pricing — especially for teams not already on Guard Premium, or those who want deeper automation on top of it.

Would love to know  is your team using Guard now, or evaluating alternatives?

Like Andy Gladstone likes this
Reply
0 votes
Kristian Klima
Kristian Klima
Community Champion
July 7, 2025

Hi @johnsbucket 

You may want to check Data Encryption for Confluence.

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Product Admin Site Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security