Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to easily manage passwords stored across multiple spaces in Confluence

Using Confluence as a source-of-truth wiki is a convenient way of storing your organization’s information in one accessible location. What if we told you, you can easily build a "Password Manager" page in one place?

Information has a habit of quickly getting out of control. Too much of it and it becomes very difficult to handle. Finding relevant information can become a huge chore. Storing and sharing sensitive and restricted information is even harder.

And, when you have a lot of users storing sensitive information such as passwords in multiple locations spread across multiple spaces in Confluence, it would probably be best if there was some way to make finding these passwords more easily.

By combining ServiceRocket’s Scaffolding (forms and templates for your password entry), Reporting (powerful reporting on metadata), and Security and Encryption (industry-grade encryption to store sensitive information), a Confluence admin can easily build a “Password Manager” page that gathers together passwords stored on different pages across multiple spaces in one easily accessible and convenient location.

Screen Shot 2018-05-31 at 12.53.38 PM.png

To find out how to build a password manager like this in Confluence, visit our Use Cases page for a sample content ready for copy-and-paste or try it out yourself at our Demo site.

12 comments

Thank you for the useful post! 

 

May I know why we need to collect it in Confluence instead of web-based password managers like passbolt with link special place, or other popular manager keepass , lastpass? 

 

Cheers,

Gonchik Tsymzhitov

Glad to know it's useful for you! :)

Here are some reasons why:

  • It's right at where your team collaborates, so it's contextual.
  • You can use Confluence's user and group management to manage access.
  • One less external system to maintain (hooray!) when you're already using Confluence
  • And reduce that nasty, accidental copy-and-paste of passwords in Confluence!

@Hanis Khaidir _ServiceRocket_ Thank you for explaining reasons,

I will be happy if you provide more technical info, like how it is stored in DB, what about which algorithms located used for encrypting it. 

Interesting post. Many thanks 

@Gonchik Tsymzhitov Here's a simple diagram that shows how the encryption works:

Screen Shot 2018-06-05 at 11.41.52 AM.pngCredentials are never sent as plain text and is encrypted using PGP, AES and other security measures. The Secure Info is client specific and is only used to reconfirm the identity and re-authenticate the requesting user.

@Hanis Khaidir _ServiceRocket_ Thanks 

 

Now I started to see OpenPGP message:) 

image.png

 

And one small question why message show me version 1.6.2? IS it trick?

When it will be latest library  https://github.com/openpgpjs/openpgpjs/releases

For example Passbolt for show me OpenPGP 3.0.2 version on test env :  https://www.passbolt.com/release/notes

 

 

 

Cheers,

Gonchik Tsymzhitov

Hello,

We'd love to use your app, I think it's a great approach for any company that already uses Confluence and would like to avoid adding another tool for collaborative password management.

but we're using SSO, so our users don't know their Confluence password.

Any plans for compatibility with SSO in the future?

@Philippe Garcia - absolutely. We're discovering ways to do this. Rather than asking you some questions here, would you mind to fill out a quick survey on this at https://servicerocket.typeform.com/to/Y6MtDq ? Cheers.

@Philippe Garcia just letting you know that the SSO support is already available in the Server/DC app.

@Azwandi _ServiceRocket_ , I'm testing the secret-plugin for the cloud-version. I understand that it end-to-end encrypts the text, but I understand that the cloud-databases are encrypted (at rest): https://community.atlassian.com/t5/Confluence-questions/Is-data-at-rest-encrypted-for-Atlassian-cloud-services/qaq-p/159469

And data is encrypted by SSL as well. So it's already decrypted at the browser only. 

The biggest security-issue for us would be some hack that acts as the user. Either some teamviewer/logmein-style tool or dangerous chrome-plugin, whatever. The only solution I could think of is to limit the number of secrets that can be revealed (e.g. per hour) or enter a password to reveal the secret.  

Another thing is that I suppose it makes us depending on your infrastructure, is that right? Do I read from the diagram above 'database' is not the  Confluence-cloud database, but yours? 

So, exactly, what security issues (besides the audit, which is a huge benefit at itself) does this plugin solve exactly?
Thank you!
Robert

Comment

Log in or Sign up to comment
Community showcase
Published in Marketplace Apps & Integrations

☕️ Monday coffee with Jexo: Weekly Atlassian news roundup | 21st June 2021

Hi community 👋, as every Monday we're bringing you a quick update on what happened in the Atlassian ecosystem last week. There were a few interesting events like for example the announcement of th...

33 views 0 5
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you