Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to easily manage passwords stored across multiple spaces in Confluence

Using Confluence as a source-of-truth wiki is a convenient way of storing your organization’s information in one accessible location. What if we told you, you can easily build a "Password Manager" page in one place?

Information has a habit of quickly getting out of control. Too much of it and it becomes very difficult to handle. Finding relevant information can become a huge chore. Storing and sharing sensitive and restricted information is even harder.

And, when you have a lot of users storing sensitive information such as passwords in multiple locations spread across multiple spaces in Confluence, it would probably be best if there was some way to make finding these passwords more easily.

By combining ServiceRocket’s Scaffolding (forms and templates for your password entry), Reporting (powerful reporting on metadata), and Security and Encryption (industry-grade encryption to store sensitive information), a Confluence admin can easily build a “Password Manager” page that gathers together passwords stored on different pages across multiple spaces in one easily accessible and convenient location.

Screen Shot 2018-05-31 at 12.53.38 PM.png

To find out how to build a password manager like this in Confluence, visit our Use Cases page for a sample content ready for copy-and-paste or try it out yourself at our Demo site.

12 comments

Thank you for the useful post! 

 

May I know why we need to collect it in Confluence instead of web-based password managers like passbolt with link special place, or other popular manager keepass , lastpass? 

 

Cheers,

Gonchik Tsymzhitov

Glad to know it's useful for you! :)

Here are some reasons why:

  • It's right at where your team collaborates, so it's contextual.
  • You can use Confluence's user and group management to manage access.
  • One less external system to maintain (hooray!) when you're already using Confluence
  • And reduce that nasty, accidental copy-and-paste of passwords in Confluence!

@Hanis Khaidir _ServiceRocket_ Thank you for explaining reasons,

I will be happy if you provide more technical info, like how it is stored in DB, what about which algorithms located used for encrypting it. 

Interesting post. Many thanks 

@Gonchik Tsymzhitov Here's a simple diagram that shows how the encryption works:

Screen Shot 2018-06-05 at 11.41.52 AM.pngCredentials are never sent as plain text and is encrypted using PGP, AES and other security measures. The Secure Info is client specific and is only used to reconfirm the identity and re-authenticate the requesting user.

@Hanis Khaidir _ServiceRocket_ Thanks 

 

Now I started to see OpenPGP message:) 

image.png

 

And one small question why message show me version 1.6.2? IS it trick?

When it will be latest library  https://github.com/openpgpjs/openpgpjs/releases

For example Passbolt for show me OpenPGP 3.0.2 version on test env :  https://www.passbolt.com/release/notes

 

 

 

Cheers,

Gonchik Tsymzhitov

@Gonchik Tsymzhitov we're working on updating that :)

Hello,

We'd love to use your app, I think it's a great approach for any company that already uses Confluence and would like to avoid adding another tool for collaborative password management.

but we're using SSO, so our users don't know their Confluence password.

Any plans for compatibility with SSO in the future?

@Philippe Garcia - absolutely. We're discovering ways to do this. Rather than asking you some questions here, would you mind to fill out a quick survey on this at https://servicerocket.typeform.com/to/Y6MtDq ? Cheers.

@Philippe Garcia just letting you know that the SSO support is already available in the Server/DC app.

And for the rest of the readers here, this app is now available for Cloud too! https://marketplace.atlassian.com/apps/6484/security-and-encryption-for-confluence?hosting=cloud&tab=overview Enjoy!

@Azwandi _ServiceRocket_ , I'm testing the secret-plugin for the cloud-version. I understand that it end-to-end encrypts the text, but I understand that the cloud-databases are encrypted (at rest): https://community.atlassian.com/t5/Confluence-questions/Is-data-at-rest-encrypted-for-Atlassian-cloud-services/qaq-p/159469

And data is encrypted by SSL as well. So it's already decrypted at the browser only. 

The biggest security-issue for us would be some hack that acts as the user. Either some teamviewer/logmein-style tool or dangerous chrome-plugin, whatever. The only solution I could think of is to limit the number of secrets that can be revealed (e.g. per hour) or enter a password to reveal the secret.  

Another thing is that I suppose it makes us depending on your infrastructure, is that right? Do I read from the diagram above 'database' is not the  Confluence-cloud database, but yours? 

So, exactly, what security issues (besides the audit, which is a huge benefit at itself) does this plugin solve exactly?
Thank you!
Robert

Like Nicholas Molina likes this

Comment

Log in or Sign up to comment
Community showcase
Published in Apps & Integrations

Send an Email or Publish to Confluence - What should you do with your release notes?

Background When you hear the words ‘Release notes’, almost always you think of an unsolicited email from a software vendor. But I am here to tell you that from our data, sending release notes via E...

141 views 1 2
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you