By mid-October 2023, an improved version of Security & Encryption for Confluence Cloud will be released. Users will enjoy enhanced security.
This page outlines the steps to migrate your Security & Encryption data from Confluence Server or Data Center to Confluence Cloud.
Prework
Before you start, read and understand the following information:
understand the macro differences and feature differences between the Security and Encryption for Confluence Server and Confluence Cloud
be aware of the following limitations, and take the suggested actions if needed
rich text content used to create secrets does not appear correctly when migrated. Ensure secrets are in plain text before migration
restricted pages are not supported currently. Depending on the sensitivity of the data, we suggest users manually migrate these secrets or remove any restrictions on related pages
Confluence Cloud currently does not support nested macros (See CONFCLOUD-68323) which means integration with other apps by way of nesting will be limited. We suggest moving the secrets outside of the nested macros in server before performing the migration.
Administrators using the CCMA tool to allow partial user migration should review the product access of the users before attempting steps related to the Server Migration tab
This is a part of Step 2 - Secure Macro Transformation to Secrets (Security & Encryption)
It is recommended to perform a test migration to understand the steps required to migrate data and reconfigure the migrated data
This guide assumes you have successfully migrated your Confluence Server data into Confluence Cloud, per Atlassian's Server to Cloud migration guide.
Guide
At the end of this guide, you will have
upgraded Security and Encryption for Confluence Server and Data Center to version 3.6.0 or above
prepared the Security and Encryption for Confluence Server & Data Center data at the server
performed migration using the Confluence Cloud Migration tool
checked and reconfigured (transformed) the Security and Encryption for Confluence Cloud data at cloud
Depending on how large your Confluence data is, this process may take a few hours to complete.
Step 1 - Run CCMA
Follow through with the steps in Step 1 - Run CCMA (Security & Encryption)
Overview
prepare a set of test data and a staging instance to perform a pre-migration environment test before production migration OPTIONAL
upgraded Security and Encryption for Confluence Server to version 3.6.0 or above
find and identify the spaces that are using the Security and Encryption macros
perform the migration using the Confluence Cloud Migration Assistant(CCMA) tool
schedule the migration window
Step 2 - Secure Macro Transformation to Secrets
Follow through with the steps in Step 2 - Secure Macro Transformation to Secrets (Security & Encryption)
Overview
have your Confluence cloud instance ready
select which secrets you want to migrate from the Server Migration Beta tab
generate the migration key and passphrase from the Confluence server
perform the transformation of the server secure Macro to its cloud equivalent Secret
after a successful migration, admins should check for Secret owners without add/delete restrictions and then grant them access
For further information on the restrictions - How do we check and bulk update add/delete restrictions?)
The improved version of Security and Encryption for Confluence Cloud utilizes zero-knowledge architecture. To learn more, read What is a legacy secret?.
Legacy secrets will be automatically converted when migrated to the cloud. To ensure that this transition happens smoothly, the Administrator executing the migration will be added as the owner of the secrets.
Step 3 - Troubleshooting Steps
Follow through with the steps in Step 3 - Troubleshooting Steps (Security & Encryption)
Overview
ensure the Security and Encryption add-on is given the appropriate permission in space permissions
understand the type of error messages and what non-transformed secrets look like.
Next Steps
Follow process in Step 1