Skip to content

Confluence

Confluence is a digital workspace that helps teams collaborate, create, and share knowledge. SailPoint Entro identifies Secrets and other NHIs exposed on Confluence, as shown in the example below:

Step 1: Locate the Exposed Token with SailPoint Entro Platform

SailPoint Entro provides the URL to navigate directly to the Confluence page where the secret was exposed.

Step 2: Revoke and Remove the Exposed Secret

To remediate the issue, use the RIGOR workflow:

  • Redact Sensitive Information: Edit or delete the Confluence pages or comments that contain the exposed sensitive Token to ensure proper hygiene is met.

  • Inform the Confluence page owner about the token exposure so that the practice is not repeated.

  • Generate a new token if required, and ensure secure storage.

  • Organize and take notes throughout this process as they will be necessary for a future root cause analysis, response plans, etc...

  • Revoke any exposed tokens immediately through the issuing service based on the token type provided by SailPoint Entro. Refer to Key Rotation Best Practices.

Step 3: Remove exposed tokens from page history

It is also important to delete older versions of the page in confluence.

To Delete Versions Manually:

  • Open the page, click the ellipsis (•••) > Page History, and delete each version individually by selecting Delete next to each entry.

Step 4: Audit Access

Review Confluence’s audit logs to ensure no unauthorized access occurred while the token was exposed. Once risk of exposure has subsided, identify key stakeholders to inform and ultimately improve workflows, so the practice is not repeated.

Step 5: Monitor

Set up monitoring and alerts within Confluence or using external monitoring tools to notify you of any unusual activities related to sensitive data access.