How to easily manage passwords stored across multiple spaces in Confluence

Using Confluence as a source-of-truth wiki is a convenient way of storing your organization’s information in one accessible location. What if we told you, you can easily build a "Password Manager" page in one place?

Information has a habit of quickly getting out of control. Too much of it and it becomes very difficult to handle. Finding relevant information can become a huge chore. Storing and sharing sensitive and restricted information is even harder.

And, when you have a lot of users storing sensitive information such as passwords in multiple locations spread across multiple spaces in Confluence, it would probably be best if there was some way to make finding these passwords more easily.

By combining ServiceRocket’s Scaffolding (forms and templates for your password entry), Reporting (powerful reporting on metadata), and Security and Encryption (industry-grade encryption to store sensitive information), a Confluence admin can easily build a “Password Manager” page that gathers together passwords stored on different pages across multiple spaces in one easily accessible and convenient location.

Screen Shot 2018-05-31 at 12.53.38 PM.png

To find out how to build a password manager like this in Confluence, visit our Use Cases page for a sample content ready for copy-and-paste or try it out yourself at our Demo site.

12 comments

Comment

Log in or Sign up to comment
Gonchik Tsymzhitov
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
May 31, 2018

Thank you for the useful post! 

 

May I know why we need to collect it in Confluence instead of web-based password managers like passbolt with link special place, or other popular manager keepass , lastpass? 

 

Cheers,

Gonchik Tsymzhitov

Hanis Khaidir [ServiceRocket]
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
May 31, 2018

Glad to know it's useful for you! :)

Here are some reasons why:

  • It's right at where your team collaborates, so it's contextual.
  • You can use Confluence's user and group management to manage access.
  • One less external system to maintain (hooray!) when you're already using Confluence
  • And reduce that nasty, accidental copy-and-paste of passwords in Confluence!
Gonchik Tsymzhitov
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
May 31, 2018

@Hanis Khaidir [ServiceRocket] Thank you for explaining reasons,

I will be happy if you provide more technical info, like how it is stored in DB, what about which algorithms located used for encrypting it. 

Fabio Genovese
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
June 1, 2018

Interesting post. Many thanks 

Hanis Khaidir [ServiceRocket]
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
June 4, 2018

@Gonchik Tsymzhitov Here's a simple diagram that shows how the encryption works:

Screen Shot 2018-06-05 at 11.41.52 AM.pngCredentials are never sent as plain text and is encrypted using PGP, AES and other security measures. The Secure Info is client specific and is only used to reconfirm the identity and re-authenticate the requesting user.

Gonchik Tsymzhitov
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
June 5, 2018

@Hanis Khaidir [ServiceRocket] Thanks 

 

Now I started to see OpenPGP message:) 

image.png

 

And one small question why message show me version 1.6.2? IS it trick?

When it will be latest library  https://github.com/openpgpjs/openpgpjs/releases

For example Passbolt for show me OpenPGP 3.0.2 version on test env :  https://www.passbolt.com/release/notes

 

 

 

Cheers,

Gonchik Tsymzhitov

Hanis Khaidir [ServiceRocket]
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
June 5, 2018

@Gonchik Tsymzhitov we're working on updating that :)

Philippe Garcia November 14, 2018

Hello,

We'd love to use your app, I think it's a great approach for any company that already uses Confluence and would like to avoid adding another tool for collaborative password management.

but we're using SSO, so our users don't know their Confluence password.

Any plans for compatibility with SSO in the future?

Azwandi _ServiceRocket_
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
November 15, 2018

@Philippe Garcia - absolutely. We're discovering ways to do this. Rather than asking you some questions here, would you mind to fill out a quick survey on this at https://servicerocket.typeform.com/to/Y6MtDq ? Cheers.

Azwandi _ServiceRocket_
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
October 2, 2020

@Philippe Garcia just letting you know that the SSO support is already available in the Server/DC app.

Azwandi _ServiceRocket_
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
October 2, 2020

And for the rest of the readers here, this app is now available for Cloud too! https://marketplace.atlassian.com/apps/6484/security-and-encryption-for-confluence?hosting=cloud&tab=overview Enjoy!

Robert Haerkens March 1, 2021

@Azwandi _ServiceRocket_ , I'm testing the secret-plugin for the cloud-version. I understand that it end-to-end encrypts the text, but I understand that the cloud-databases are encrypted (at rest): https://community.atlassian.com/t5/Confluence-questions/Is-data-at-rest-encrypted-for-Atlassian-cloud-services/qaq-p/159469

And data is encrypted by SSL as well. So it's already decrypted at the browser only. 

The biggest security-issue for us would be some hack that acts as the user. Either some teamviewer/logmein-style tool or dangerous chrome-plugin, whatever. The only solution I could think of is to limit the number of secrets that can be revealed (e.g. per hour) or enter a password to reveal the secret.  

Another thing is that I suppose it makes us depending on your infrastructure, is that right? Do I read from the diagram above 'database' is not the  Confluence-cloud database, but yours? 

So, exactly, what security issues (besides the audit, which is a huge benefit at itself) does this plugin solve exactly?
Thank you!
Robert

Like Nicholas Molina likes this
AUG Leaders

Atlassian Community Events