Managing access to Secrets

DECember 2023 We have released an improved version with enhanced security of Security and Encryption for Confluence Cloud. Check out the next steps for administrators.

Overview

This page covers who can create, view, update, and delete secrets.

You need to ensure that users or groups have been granted Add/Delete Restrictions to allow for continued creation and editing of secrets

  • space admins are users that have been granted Add/Delete Restrictions permission in a space

  • non-space admins are users who have not been granted Add/Delete Restrictions permission in a space.

Creating a secret

To create a Secret macro, you must have the following requirements:

  • You have access to the space where you want to add the Secret macro.

  • You have Edit permission for the page where you want to add the Secret macro.

  • You have Add/Delete Restrictions permission in that space.

Updating a secret

To edit a Secret macro, you must be the owner of the secret, either as an individual “User Owner” or a member of a “Group Owner”. 

When a user edits a secret, the user will be made User Owner automatically, as long as the user is part of the group. By default, the secret creator is also the owner. 

The secret owner can add other users as owners. For details refer to creating and editing secrets documentation.  

Granting access to Confluence users to create secrets

For individual users

  • in Space permissions, in the Individual Users section

  • grant the user Add/Delete permission under Restrictions

Granting the permission allows the user to add/delete restrictions to other pages in that space.


For groups

  • in Space permissions, in the Groups section

  • grant a group Add/Delete permission under Restrictions

Granting the permission allows the members of the group to add/delete restrictions to other pages in that space.

FAQs and common scenarios

Currently, you cannot remove yourself as a secret owner. Instead, add another user as an owner, and request that user to remove your ownership.

We have introduced group-related access to assist with ownership transfers - for more details see How to ensure that secrets-related access is not impacted by a change of owners.

Certain Confluence apps can bypass content restrictions on behalf of the user. Consequently, administrators must exercise caution when installing other Confluence apps to prevent such occurrences.

As an administrator, you need to compare the Secrets permission matrix and the other app users' permissions. Find further details here.