Skip to main content

Integrate a new Confluence Cloud source

info

For now, only real-time scanning is supported to detect secrets in pages, blogs and comments. All detectors are supported, with the exception of these 2 generic detectors, in order to limit the risk of false positives:

Setting up and configuring this integration is limited to users with an Owner or Manager access level. Confluence Cloud site installation is only open to workspaces under the Business plan, but uninstallation is open to all. Alternatively, you can install and test secret detection in Confluence Cloud with a 30-day trial. Any secret incidents created during this period will remain accessible in your incident dashboard after the trial period.

GitGuardian integrates natively with Confluence Cloud via an OAuth2 app and a Connect app that you can install on your Confluence Cloud sites. Note that the GitGuardian OAuth2 app only has read access to your spaces.

Setup your Confluence Cloud integration

You can install GitGuardian on multiple Confluence Cloud sites to monitor your spaces.

  1. Make sure you're logged in the Confluence Cloud site you want to install
  2. In the GitGuardian platform, navigate to the Integrations page
  3. Click on the Install button on the Confluence Cloud card in the Documentation section Confluence Cloud card
  4. Click on the Install button of the Confluence Cloud integration page
  5. Click on the Connect with Confluence Cloud in the installation modal Confluence Cloud install - Step 1
  6. Make sure you are connected to the right Confluence Cloud site
  7. Click on the Accept button to accept the permissions requested by GitGuardian Confluence Cloud permissions
  8. Click on the Open Confluence Cloud settings in the installation modal Confluence Cloud install - Step 2
  9. Click on Settings in the Manage apps page of your Confluence Cloud site
  10. Check the Enable development mode option and click Apply in order to allows the installation of our Connect app Confluence Cloud Development Mode
  11. Click on Upload app in the Manage apps page of your Confluence Cloud site
  12. Paste our app descriptor URL and click Upload to upload and install our app:
  • For GitGuardian SaaS US:
    https://dashboard.gitguardian.com/api/v1/confluence-cloud/connect-app/app-descriptor/
  • For GitGuardian SaaS EU:
    https://dashboard.eu1.gitguardian.com/api/v1/confluence-cloud/connect-app/app-descriptor/
  • For GitGuardian Self-Hosted:
    https://<gitguardian.acme.com>/api/v1/confluence-cloud/connect-app/app-descriptor/
    Customize with your GitGuardian Self-Hosted instance URL Confluence Cloud Upload app

That's it! Our OAuth2 app is now automatically invited on all your spaces and our Connect app connected to your Confluence Cloud site. It will now start monitoring all pages, blogs and comments of your spaces for secrets.

Setup Confluence Cloud for self-hosted GitGuardian

info

We recommend using dedicated workers for Confluence Cloud. For more detailed information on scaling and configuration, please visit our scaling page.

If you are using a self-hosted GitGuardian instance, you must first configure a dedicated Confluence Cloud App so that you own the entire data stream. This will ensure that your Confluence Cloud App is created with all the appropriate rights.

1. Create a Confluence Cloud app

  1. Navigate to the Confluence Cloud integration page
  2. Click on Configure Confluence Cloud app
    Confluence Cloud app configure

As a Confluence Cloud administrator

  1. Click on Create Confluence Cloud app (Alternatively, if you're not a GitGuardian Manager, you can access the Atlassian developer console directly)
  2. Type the name of your new Confluence Cloud app: GitGuardian
  3. Agree to Atlassian's developer terms by checking: I agree to be bound by Atlassian's developer terms.
  4. Click on Create
    Confluence Cloud app create
  5. Go to the Permissions page
  6. Click on Add button next to the Confluence API line
    Permissions - Confluence API add
  7. Click on Configure button next to the Confluence API line
  8. In the Classic scopes tab, click on the Edit Scopes button of the Confluence platform REST API section
    Confluence Cloud - Classic scopes edit
  9. Select the following classic scopes:
    • read:confluence-content.all
    • read:confluence-content.permission
    • read:confluence-content.summary
    • read:confluence-groups
    • read:confluence-props
    • read:confluence-space.summary
    • read:confluence-user
    • readonly:content.attachment:confluence
    • search:confluence
  10. Click on Save
    Confluence Cloud - Classic scopes
  11. In the Granular scopes tab, click on the Edit Scopes button
    Confluence Cloud - Granular scopes edit
  12. Select the following granular scopes:
  • read:blogpost:confluence
  • read:comment:confluence
  • read:page:confluence
  • read:space:confluence
  1. Click on Save
    Confluence Cloud - Granular scopes
  2. Go to the Authorization page
  3. Click on Add button next to the OAuth 2.0 (3LO) line
    Authorization - OAuth 2.0 add
  4. Enter the callback URL based on your GitGuardian self-hosted instance URL:
    https://<gitguardian.acme.com>/api/v1/confluence-cloud/app/install_callback/
  5. Click on Save changes
    Confluence Cloud - Callback URL
  6. Go to the Overview page
  7. Get your App details (App ID) (alternatively, you can find and copy it more easily from the URL)
    Confluence Cloud - Overview credentials
  8. Go to the Settings page
  9. Get your Authentication details (Client ID, Secret)
    Confluence Cloud - Settings credentials

That's it! Your Confluence Cloud app has been created and you can now declare your Confluence Cloud app in the GitGuardian Platform. Alternatively, if you are not a GitGuardian Manager, you can now return the Confluence Cloud app credentials to your requester in the secure way of your choice (App ID, Client ID, Secret).

As a non Confluence Cloud administrator

If you don't have the right to create a Confluence Cloud app, please ask your Confluence Cloud administrator to do it for you. You can easily forward a request with this procedure:

  1. Click on the Send a request to a Confluence administrator link to easily forward your request
  2. They should in turn provide you with the Confluence Cloud app credentials to proceed with the rest of the configuration.

2. Declare your Confluence Cloud app in the GitGuardian Platform

  1. Paste your Confluence Cloud app credentials (App ID, Client ID, Secret)
  2. Click on Save and close
    Confluence Cloud app credentials

That's it! Your Confluence Cloud configuration is now ready and you can now setup your Confluence Cloud integration.

Edit your Confluence Cloud app configuration

In case you need to edit your Confluence Cloud app configuration, due to an error when declaring your Confluence Cloud app credentials or due to a secret rotation, you can do so as follows:

  1. Click on Edit Confluence Cloud app
  2. Update your Confluence Cloud app credentials
  3. Click on Save and close
    Confluence Cloud app configuration edit

Delete your Confluence Cloud app configuration

In case you need to delete your Confluence Cloud app configuration, you can do so as follows:

  1. Click on Edit Confluence Cloud app
  2. Click on Delete configuration
  3. Confirm by clicking on Delete configuration in the confirmation modal
info

Deleting your Confluence Cloud app configuration will uninstall all your Confluence Cloud integrations. However, all your existing incidents detected on Confluence Cloud will remain available on your dashboard. Note that deleting the Confluence Cloud app configuration will only delete the configuration, not the Confluence Cloud app. If you want to delete your Confluence Cloud app, you must do so from your Confluence Cloud site.

Uninstall your Confluence Cloud site

To uninstall a Confluence Cloud site:

  1. In the GitGuardian platform, navigate to the Integrations page
  2. Click on the Confluence Cloud card in the Documentation section
  3. Click on the bin icon next to the Confluence Cloud site to be uninstalled
  4. Confirm by clicking on the Yes, uninstall the connect app button in the confirmation modal Confluence Cloud uninstall
  5. Uninstall the Connect App by clicking on Uninstall
  6. Confirm by clicking on the Uninstall app button in the confirmation modal Confluence Cloud uninstall

That's it! Your Confluence Cloud site is now uninstalled.

Remove the GitGuardian OAuth2 app from your Confluence Cloud site

Uninstalling a Confluence Cloud site from the GitGuardian platform does not remove the GitGuardian OAuth2 app from your Confluence Cloud site. This is not a mandatory step, but you can remove it manually after uninstalling your Confluence Cloud site from the GitGuardian platform.

To remove the GitGuardian OAuth2 app from your Confluence Cloud site:

  1. Go to the Connected apps page of your Confluence Cloud site
  2. Click on the Remove access button next to the GitGuardian Confluence app
  3. Confirm by clicking on the Remove button in the confirmation modal Confluence Cloud - Remove app

That's it! The GitGuardian OAuth2 app is now removed from your Confluence Cloud site.

Privacy

Country-specific laws and regulations may require you to inform your Confluence Cloud users that your spaces are being scanned for secrets. Here is a suggestion for a message you may want to use:

As part of our internal information security process, the company scans the Confluence Cloud spaces for potential secrets leaks using GitGuardian. All data collected will be processed for the purpose of detecting potential leaks. To find out more about how we manage your personal data and to exercise your rights, please refer to our employee/partner privacy notice. Please note that only spaces relating to the company’s activity and business may be monitored and that users shall refrain from sharing personal or sensitive data not relevant to the space’s purpose.

How can I help you ?