This page covers who can create, view, update, and delete Secrets. The latest version of  Security & Encryption adds the ability for non-space admin Confluence users to create and edit secrets. This will require some permission changes to work properly. A number of common scenarios and FAQs are also covered below.

(info) Space admins refers to users that have granted Add/Delete Restrictions permission in a space. Non-space admins refer to users that have not been granted Add/Delete Restrictions permission in a space.

Creating a Secret

To create a Secret macro, you must meet the following conditions:

  1. You have access to the space where the Secret macro will be added.
  2. You have Edit permission for the page where the Secret macro will be added.
  3. You have EITHER the permission to Add/Delete Restrictions permission on that space
    OR the Security & Encryption app has the permission to Add page and Add/Delete Restrictions permission to that space.

Updating a Secret

To edit a Secret macro, you must meet the following condition:

  • You are the Secret owner. By default, the Secret creator is also the owner.  The owner can also add other users as owners. For details refer to the section on creating and editing secrets.

Granting access to Confluence users to create Secrets:

Either one of these steps will grant access:

  1. In space permissions,  under Individual Users, grant the user Add/Delete permission under Restrictions. Note that this will give that user permission to add/delete restrictions to other pages in that space.



    OR

  2. In space permissions, under Individual Users, grant both of these permissions to the Security & Encryption for Confluence app:
    • Add under Pages, and 
    • Add/Delete under Restrictions.

FAQs and common scenarios

What happens if the Security & Encryption app has NOT been granted the Add/Delete Restriction permission, and a non-space admin tries to create Secrets?

  1. The operation will fail, and An error message is shown.


What happens if the Security & Encryption app is granted the Add/Delete Restriction permission, and a non-space admin tries to create Secrets?

  1. The Secrets are created.
  2. In the audit logs, Secrets which were created by non-space admins will list Security & Encryption as the creator, but the non-space admin is listed as the owner.

What happens when non-space admins have successfully created a Secret, but later on, the permission to apply restrictions for the Security & Encryption app is removed?

  1. Non-space admins should still be able to view the secret.
  2. If a non-space admin tries to update the Secret, the operation will fail, and an error message is shown.

I am the owner of a Secret and would like to transfer ownership to another user (e.g. I am leaving the company or I am being transferred to another team)

Currently you cannot remove yourself as a Secret owner. But you can easily add another user as an owner, and later, that user can remove you as an owner. We have also introduced group related access to assist particularly in these kind of scenarios, see How to ensure that secrets related access is not impacted by turnover of owners? for more details.