
How to easily manage passwords stored across multiple spaces in Confluence

Using Confluence as a source-of-truth wiki is a convenient way of storing your organization’s information in one accessible location. What if we told you that you can easily build a "Password Manager" page in one place?

Information has a habit of quickly getting out of control. Too much of it and it becomes very difficult to handle. Finding relevant information can become a huge chore. Storing and sharing sensitive and restricted information is even harder.

And when you have a lot of users storing sensitive information such as passwords in multiple locations spread across multiple spaces in Confluence, it would probably be best if there was some way to make finding these passwords easier.

By combining ServiceRocket’s Scaffolding (forms and templates for your password entry), Reporting (powerful reporting on metadata), and Security and Encryption (industry-grade encryption to store sensitive information), a Confluence admin can easily build a “Password Manager” page that gathers together passwords stored on different pages across multiple spaces in one easily accessible and convenient location.


To find out how to build a password manager like this in Confluence, visit our Use Cases page for sample content ready for copy-and-paste, or try it out yourself at our Demo site.


Thank you for the useful post! 


May I know why we need to collect it in Confluence instead of web-based password managers like Passbolt with link special place, or other popular managers such as KeePass or LastPass?



Gonchik Tsymzhitov

Glad to know it's useful for you! :)

Here are some reasons why:

  • It's right where your team collaborates, so it's contextual.
  • You can use Confluence's user and group management to manage access.
  • One less external system to maintain (hooray!) when you're already using Confluence.
  • And reduce that nasty, accidental copy-and-paste of passwords in Confluence!

@Hanis Khaidir _ServiceRocket_ Thank you for explaining the reasons.

I will be happy if you provide more technical info, like how it is stored in the DB and which algorithms are used for encrypting it.

Interesting post. Many thanks 

@Gonchik Tsymzhitov Here's a simple diagram that shows how the encryption works:

Credentials are never sent as plain text and are encrypted using PGP, AES and other security measures. The Secure Info is client specific and is only used to reconfirm the identity and re-authenticate the requesting user.

@Hanis Khaidir _ServiceRocket_ Thanks 


Now I started to see the OpenPGP message :)

And one small question: why does the message show me version 1.6.2? Is it a trick?

When will it be the latest library?

For example, Passbolt shows me OpenPGP version 3.0.2 on a test env:





Gonchik Tsymzhitov

@Gonchik Tsymzhitov we're working on updating that :)


We'd love to use your app, I think it's a great approach for any company that already uses Confluence and would like to avoid adding another tool for collaborative password management.

But we're using SSO, so our users don't know their Confluence password.

Any plans for compatibility with SSO in the future?

@Philippe Garcia - absolutely. We're discovering ways to do this. Rather than asking you some questions here, would you mind filling out a quick survey on this at ? Cheers.

@Philippe Garcia just letting you know that the SSO support is already available in the Server/DC app.

And for the rest of the readers here, this app is now available for Cloud too! Enjoy!

@Azwandi _ServiceRocket_ , I'm testing the secret-plugin for the cloud-version. I understand that it end-to-end encrypts the text, but I understand that the cloud-databases are encrypted (at rest):

And data is encrypted by SSL as well. So it's already decrypted at the browser only. 

The biggest security issue for us would be some hack that acts as the user. Either some TeamViewer/LogMeIn-style tool or a dangerous Chrome plugin, whatever. The only solution I could think of is to limit the number of secrets that can be revealed (e.g. per hour) or enter a password to reveal the secret.

Another thing is that I suppose it makes us dependent on your infrastructure, is that right? Do I read from the diagram above that 'database' is not the Confluence cloud database, but yours?

So, exactly, what security issues (besides the audit, which is a huge benefit in itself) does this plugin solve exactly?
Thank you!
