Managing access to Secrets

This page covers who can create, view, update, and delete Secrets. The latest version of  Security & Encryption adds the ability for non-space admin Confluence users to create and edit secrets. This will require some permission changes to work properly. A number of common scenarios and FAQs are also covered below.

(info) For this KB article, space admins refers to users that have granted Add/Delete Restrictions permission in a space.

Non-space admins refers to users that have not been granted Add/Delete Restrictions permission in a space.

Creating a Secret

To create a Secret macro, you must meet the following conditions:

  1. You have access to the space where the Secret macro belongs to.
  2. You have Edit permission for the page where the Secret macro will be added.
  3. You have EITHER the permission to Add/Delete Restrictions permission on that space
    OR the Security & Encryption app has the permission to Add/Delete Restrictions permission to that space.

Updating a Secret

To edit a Secret macro, you must meet the following condition:

  • You are the Secret owner. By default, the Secret creator is also the owner.  The owner can also add other users as owners. For details refer to the section on creating and editing secrets.

Granting access to Confluence users to create Secrets:

Either one of these steps will grant access:

  • In space permissions, grant the user Add/Delete permission under Restrictions. Note that this will give that user permission to add/delete restrictions to other pages in that space.

  • In space permissions, grant Add/Delete permission under Restrictions to the Security & Encryption for Confluence app.

FAQs and common scenarios

What happens if the Security & Encryption app has NOT been granted the Add/Delete Restriction permission, and a non-space admin tries to create Secrets?

  1. The operation will fail, and An error message is shown.

What happens if the Security & Encryption app is granted the Add/Delete Restriction permission, and a non-space admin tries to create Secrets?

  1. The Secrets are created.
  2. In the audit logs, Secrets which were created by non-space admins will list Security & Encryption as the creator, but the non-space admin is listed as the owner.

What happens when non-space admins have successfully created a Secret, but later on, the permission to apply restrictions for the Security & Encryption app is removed?

  1. Non-space admins should still be able to view the secret.
  2. If a non-space admin tries to update the Secret, the operation will fail, and an error message is shown.