Documentation
The following describes how Secret Scanner for Confluence works.
Installing
You can install Secret Scanner for Confluence by searching for "secret scanner" in the Atlassian Marketplace. Look for the crocodile image and click "Try it free" or "Buy it now" in the top right. After going through the install process, you are ready to scan!
After Installing
Once installed, you can access it through the Apps dropdown, under the title "Secret Scanner Report". Note that you will need to be a Confluence Administrator to view the report.
It will take a minute or two for Secret Scanner to be allowed to scan your content from Confluence. While it is running you will see the message "Secret Scanner is running." When finished, you will be presented with a report. You can click through the titles to any identified issues.
Secret Scanner will run on an automated basis every hour, so after removing problematic content it should disappear from the report within the hour. That's it! Secret Scanner is designed to be as simple as possible. Enjoy your secure Confluence install.
What Rules does Secret Scanner use?
Secret Scanner uses an aggregated collection of rules taken from TruffleHog, GitLeaks, AWS Macie and other tools. Grouped together, they scan for API Keys, Secrets and Credit Cards, providing a comprehensive list of secrets that shouldn't be easily accessible. This list is constantly reviewed and updated over time.
The full list of rules is included below.
| Rule | Description |
|---|---|
| Visa Card | All Visa card numbers start with a 4. New cards have 16 digits. Old cards have 13. |
| MasterCard Card | MasterCard numbers either start with the numbers 51 through 55 or with the numbers 2221 through 2720. All have 16 digits. |
| American Express Card | American Express card numbers start with 34 or 37 and have 15 digits. |
| Diners Club | Diners Club card numbers begin with 300 through 305, 36 or 38. All have 14 digits. There are Diners Club cards that begin with 5 and have 16 digits. These are a joint venture between Diners Club and MasterCard, and should be processed like a MasterCard. |
| Discover Card | Discover card numbers begin with 6011 or 65. All have 16 digits. |
| JCB Card | JCB cards beginning with 2131 or 1800 have 15 digits. JCB cards beginning with 35 have 16 digits. |
| Slack Token | |
| RSA private key | |
| SSH (DSA) private key | |
| SSH (EC) private key | |
| PGP private key block | |
| AWS API Key | |
| AWS Secret Key | |
| Amazon MWS Auth Token | |
| AWS AppSync GraphQL Key | |
| Facebook Access Token | |
| Facebook OAuth | |
| GitHub | |
| Generic API Key | |
| Generic Secret | |
| Google API Key | |
| Google Cloud Platform API Key | |
| Google Cloud Platform OAuth | |
| Google Drive API Key | |
| Google Drive OAuth | |
| Google (GCP) Service-account | |
| Google Gmail API Key | |
| Google Gmail OAuth | |
| Google OAuth Access Token | |
| Google YouTube API Key | |
| Google YouTube OAuth | |
| Heroku API Key | |
| LinkedIn Client Id | |
| LinkedIn Secret Key | |
| MailChimp API Key | |
| Mailgun API Key | |
| Password in URL | |
| PayPal Braintree Access Token | |
| Picatic API Key | |
| PyPI upload token | |
| Slack Webhook | |
| Stripe API Key | |
| Stripe Restricted API Key | |
| Square Access Token | |
| Square OAuth Secret | |
| Shopify shared secret | |
| Shopify access token | |
| Shopify custom app access token | |
| Shopify private app access token | |
| Telegram Bot API Key | |
| Twilio API Key | |
| Twitter Access Token | |
| Twitter OAuth | |
| OpenAI Key | |
| OpenAI API Key | |
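The card-number rules listed above, written out as a small Python scanner that reports matches with all but the last four digits masked. This is an added example, not Secret Scanner's own code: the candidate regex, the function names, the masking and the Luhn checksum filter are assumptions that do not come from this page, and the sample text is constructed.

```python
import re

# Runs of 13-16 digits, optionally split by single spaces or dashes (assumed format).
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,15}(?!\d)")

def brand(digits):
    """Apply the prefix and length rules from the table; return the rule name or None."""
    n = len(digits)
    p2, p3, p4 = int(digits[:2]), int(digits[:3]), int(digits[:4])
    if digits[0] == "4" and n in (13, 16):
        return "Visa Card"
    if n == 16 and (51 <= p2 <= 55 or 2221 <= p4 <= 2720):
        return "MasterCard Card"
    if n == 15 and p2 in (34, 37):
        return "American Express Card"
    if n == 14 and (300 <= p3 <= 305 or p2 in (36, 38)):
        return "Diners Club"
    if n == 16 and digits[0] == "5":
        return "MasterCard Card"  # Diners Club/MasterCard joint cards
    if n == 16 and (p4 == 6011 or p2 == 65):
        return "Discover Card"
    if (n == 15 and p4 in (2131, 1800)) or (n == 16 and p2 == 35):
        return "JCB Card"
    return None

def luhn_ok(digits):
    """Luhn checksum: not a rule from the page, added to drop random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan(text):
    """Return (rule, masked number) pairs; only the last four digits are kept."""
    findings = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        rule = brand(digits)
        if rule and luhn_ok(digits):
            findings.append((rule, "*" * (len(digits) - 4) + digits[-4:]))
    return findings

# Constructed sample page text; the card numbers are published test numbers.
SAMPLE = """\
Staging checkout test card: 4111 1111 1111 1111 (exp 12/30)
Refund went to 5555-5555-5555-4444, amex on file 378282246310005
Ticket ref 4111111111111112 and build id 20240131123456789012
"""
```

Calling `scan(SAMPLE)` reports the three test cards and skips both the 16-digit ticket reference, which matches the Visa prefix rule but fails the checksum, and the 20-digit build id.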