Integrate a new Confluence Cloud source
For now, only real-time scanning is supported to detect secrets in pages, blogs and comments. All detectors are supported, with the exception of these 2 generic detectors, in order to limit the risk of false positives:
Setting up and configuring this integration is limited to users with an Owner or Manager access level. Confluence Cloud site installation is only open to workspaces under the Business plan, but uninstallation is open to all. Alternatively, you can install and test secret detection in Confluence Cloud with a 30-day trial. Any secret incidents created during this period will remain accessible in your incident dashboard after the trial period.
GitGuardian integrates natively with Confluence Cloud via an OAuth2 app and a Connect app that you can install on your Confluence Cloud sites. Note that the GitGuardian OAuth2 app only has read access to your spaces.
Set up your Confluence Cloud integration
You can install GitGuardian on multiple Confluence Cloud sites to monitor your spaces.
- Make sure you're logged in to the Confluence Cloud site on which you want to install GitGuardian
- In the GitGuardian platform, navigate to the Sources integration page
- Click on the Install button next to Confluence Cloud in the Documentation section
- Click on the Install button of the Confluence Cloud integration page
- Click on the Connect with Confluence Cloud in the installation modal
- Make sure you are connected to the right Confluence Cloud site
- Click on the Accept button to accept the permissions requested by GitGuardian
- Click on the Open Confluence Cloud settings in the installation modal
- Click on Settings in the Manage apps page of your Confluence Cloud site
- Check the Enable development mode option and click Apply to allow the installation of our Connect app
- Click on Upload app in the Manage apps page of your Confluence Cloud site
- Paste our app descriptor URL and click Upload to upload and install our app:
- For GitGuardian SaaS US:
https://dashboard.gitguardian.com/api/v1/confluence-cloud/connect-app/app-descriptor/
- For GitGuardian SaaS EU:
https://dashboard.eu1.gitguardian.com/api/v1/confluence-cloud/connect-app/app-descriptor/
- For GitGuardian Self-Hosted:
https://<gitguardian.acme.com>/api/v1/confluence-cloud/connect-app/app-descriptor/
Customize with your GitGuardian Self-Hosted instance URL
That's it! Our OAuth2 app is now automatically invited on all your spaces and our Connect app connected to your Confluence Cloud site. It will now start monitoring all pages, blogs and comments of your spaces for secrets.
Set up Confluence Cloud for self-hosted GitGuardian
We recommend using dedicated workers for Confluence Cloud. For more detailed information on scaling and configuration, please visit our scaling page.
If you are using a self-hosted GitGuardian instance, you must first configure a dedicated Confluence Cloud App so that you own the entire data stream. This will ensure that your Confluence Cloud App is created with all the appropriate rights.
1. Create a Confluence Cloud app
- Navigate to the Confluence Cloud integration page
- Click on Configure Confluence Cloud app
As a Confluence Cloud administrator
- Click on Create Confluence Cloud app (Alternatively, if you're not a GitGuardian Manager, you can access the Atlassian developer console directly)
- Type the name of your new Confluence Cloud app:
GitGuardian
- Agree to Atlassian's developer terms by checking: I agree to be bound by Atlassian's developer terms.
- Click on Create
- Go to the Permissions page
- Click on the Add button next to the Confluence API line
- Click on the Configure button next to the Confluence API line
- In the Classic scopes tab, click on the Edit Scopes button of the Confluence platform REST API section
- Select the following classic scopes:
read:confluence-content.all
read:confluence-content.permission
read:confluence-content.summary
read:confluence-groups
read:confluence-props
read:confluence-space.summary
read:confluence-user
readonly:content.attachment:confluence
search:confluence
- Click on Save
- In the Granular scopes tab, click on the Edit Scopes button
- Select the following granular scopes:
read:blogpost:confluence
read:comment:confluence
read:page:confluence
read:space:confluence
- Click on Save
- Go to the Authorization page
- Click on the Add button next to the OAuth 2.0 (3LO) line
- Enter the callback URL based on your GitGuardian self-hosted instance URL:
https://<gitguardian.acme.com>/api/v1/confluence-cloud/app/install_callback/
- Click on Save changes
- Go to the Overview page
- Get your App details (App ID) (alternatively, you can find and copy it more easily from the URL)
- Go to the Settings page
- Get your Authentication details (Client ID, Secret)
That's it! Your Confluence Cloud app has been created and you can now declare your Confluence Cloud app in the GitGuardian Platform.
Alternatively, if you are not a GitGuardian Manager, you can now return the Confluence Cloud app credentials (App ID, Client ID, Secret) to your requester in the secure way of your choice.
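Before handing the credentials over, the app's configuration can be checked against the scopes and callback URL listed in the procedure above. The following is an added example, not GitGuardian or Atlassian code: it audits an OAuth 2.0 (3LO) authorization URL for the app, and it assumes the standard `scope` and `redirect_uri` query parameters; the function names, the sample URL, its placeholder `client_id` and `state`, and the host `gitguardian.acme.com` are constructed for illustration.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Scopes and callback path copied from the procedure above.
DOCUMENTED_SCOPES = frozenset("""
read:confluence-content.all read:confluence-content.permission
read:confluence-content.summary read:confluence-groups read:confluence-props
read:confluence-space.summary read:confluence-user
readonly:content.attachment:confluence search:confluence
read:blogpost:confluence read:comment:confluence
read:page:confluence read:space:confluence
""".split())
CALLBACK_PATH = "/api/v1/confluence-cloud/app/install_callback/"
READ_PREFIXES = ("read:", "readonly:", "search:")


def audit_authorization_url(auth_url, gitguardian_host):
    """Return findings; an empty list means the URL matches the documented setup."""
    findings = []
    query = parse_qs(urlsplit(auth_url).query)
    requested = set(" ".join(query.get("scope", [])).split())
    for scope in sorted(requested - DOCUMENTED_SCOPES):
        kind = "read-style" if scope.startswith(READ_PREFIXES) else "needs review"
        findings.append(f"undocumented scope ({kind}): {scope}")
    for scope in sorted(DOCUMENTED_SCOPES - requested):
        findings.append(f"documented scope missing: {scope}")
    redirects = query.get("redirect_uri", [])
    if len(redirects) != 1:
        return findings + ["expected exactly one redirect_uri"]
    cb = urlsplit(redirects[0])
    if cb.scheme != "https":
        findings.append(f"callback is not https: {redirects[0]}")
    if (cb.hostname or "").lower() != gitguardian_host.lower():
        findings.append(f"callback host is not {gitguardian_host}: {cb.hostname}")
    if cb.path != CALLBACK_PATH or cb.query or cb.fragment:
        findings.append(f"callback path is not {CALLBACK_PATH}: {cb.path}")
    return findings


def build_sample_url(scopes, redirect_uri):
    """Constructed sample; client_id and state are placeholders."""
    params = {"audience": "api.atlassian.com", "client_id": "PLACEHOLDER_CLIENT_ID",
              "scope": " ".join(sorted(scopes)), "redirect_uri": redirect_uri,
              "state": "PLACEHOLDER_STATE", "response_type": "code"}
    return "https://auth.atlassian.com/authorize?" + urlencode(params)


if __name__ == "__main__":
    ok = build_sample_url(DOCUMENTED_SCOPES, "https://gitguardian.acme.com" + CALLBACK_PATH)
    print(audit_authorization_url(ok, "gitguardian.acme.com") or "matches the documented setup")
```

Any scope outside the documented list is reported for review rather than rejected, since the comparison is only against the scopes this page lists.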
As a non Confluence Cloud administrator
If you don't have the right to create a Confluence Cloud app, please ask your Confluence Cloud administrator to do it for you. You can easily forward a request with this procedure:
- Click on the Send a request to a Confluence administrator link to easily forward your request
- They should in turn provide you with the Confluence Cloud app credentials to proceed with the rest of the configuration.
2. Declare your Confluence Cloud app in the GitGuardian Platform
- Paste your Confluence Cloud app credentials (App ID, Client ID, Secret)
- Click on Save and close
That's it! Your Confluence Cloud configuration is now ready and you can now set up your Confluence Cloud integration.
Edit your Confluence Cloud app configuration
In case you need to edit your Confluence Cloud app configuration, due to an error when declaring your Confluence Cloud app credentials or due to a secret rotation, you can do so as follows:
- Click on Edit Confluence Cloud app
- Update your Confluence Cloud app credentials
- Click on Save and close
Delete your Confluence Cloud app configuration
In case you need to delete your Confluence Cloud app configuration, you can do so as follows:
- Click on Edit Confluence Cloud app
- Click on Delete configuration
- Confirm by clicking on Delete configuration in the confirmation modal
Deleting your Confluence Cloud app configuration will uninstall all your Confluence Cloud integrations. However, all your existing incidents detected on Confluence Cloud will remain available on your dashboard. Note that deleting the Confluence Cloud app configuration will only delete the configuration, not the Confluence Cloud app. If you want to delete your Confluence Cloud app, you must do so from your Confluence Cloud site.
Uninstall your Confluence Cloud site
To uninstall a Confluence Cloud site:
- In the GitGuardian platform, navigate to the Sources integration page
- Click on the Edit button next to Confluence Cloud in the Documentation section
- Click on the bin icon next to the Confluence Cloud site to be uninstalled
- Confirm by clicking on the Yes, uninstall the connect app button in the confirmation modal
- Uninstall the Connect App by clicking on Uninstall
- Confirm by clicking on the Uninstall app button in the confirmation modal
That's it! Your Confluence Cloud site is now uninstalled.
Remove the GitGuardian OAuth2 app from your Confluence Cloud site
Uninstalling a Confluence Cloud site from the GitGuardian platform does not remove the GitGuardian OAuth2 app from your Confluence Cloud site. This is not a mandatory step, but you can remove it manually after uninstalling your Confluence Cloud site from the GitGuardian platform.
To remove the GitGuardian OAuth2 app from your Confluence Cloud site:
- Go to the Connected apps page of your Confluence Cloud site
- Click on the Remove access button next to the GitGuardian Confluence app
- Confirm by clicking on the Remove button in the confirmation modal
That's it! The GitGuardian OAuth2 app is now removed from your Confluence Cloud site.
Privacy
Country-specific laws and regulations may require you to inform your Confluence Cloud users that your spaces are being scanned for secrets. Here is a suggestion for a message you may want to use:
As part of our internal information security process, the company scans the Confluence Cloud spaces for potential secrets leaks using GitGuardian. All data collected will be processed for the purpose of detecting potential leaks. To find out more about how we manage your personal data and to exercise your rights, please refer to our employee/partner privacy notice. Please note that only spaces relating to the company’s activity and business may be monitored and that users shall refrain from sharing personal or sensitive data not relevant to the space’s purpose.