Skip to main content
Skip table of contents

Migrate Security & Encryption Server to Security & Encryption Cloud

On this page:

This page outlines the steps to migrate your Security & Encryption data from Confluence Server or Data Center to Confluence Cloud. 


Before you start, read and understand the following information:

  • Understand the macro differences and feature differences between the Security and Encryption for Confluence Server and Confluence Cloud.

  • Be aware of the following limitations, and take the suggested actions if needed.

    • Restricted pages are not supported currently. Depending on the sensitivity of the data, we suggest users manually migrate these secrets or remove any restrictions on related pages.

    • (warning) Confluence Cloud currently does not support nested macros (See CONFCLOUD-68323) which means integration with other apps by way of nesting will be limited.  We suggest moving the secrets outside of the nested macros in server before performing the migration.

    • Rich text content used to create secrets does not appear correctly when migrated. Ensure secrets are in plain text before migration.

  • Administrators using the CCMA tool to allow partial user migration should review the product access of the users before attempting steps related to the Server Migration tab (This is a part of Step 2 - Secure Macro Transformation to Secrets (Security & Encryption). 

  • Perform a test migration to understand the steps required to migrate data and reconfigure the migrated data.

  • This guide assumes you have successfully migrated your Confluence Server data into Confluence Cloud, per Atlassian's Server to Cloud migration guide.


At the end of this guide, you will have: 

Depending on how large your Confluence data is, these may take a few hours to complete.  

Step 1 - Run CCMA

Follow through with the steps in Step 1 - Run CCMA (Security & Encryption)


  • (Optional) prepare a set of test data and a staging instance to perform a pre-migration environment test before production migration. 

  • Upgraded Security and Encryption for Confluence Server to version 3.6.0 or above.  

  • Find and identify the spaces that are using the Security and Encryption macros. 

  • Perform the migration using the Confluence Cloud Migration Assistant(CCMA) tool. 

  • Schedule the migration window.

Step 2 - Secure Macro Transformation to Secrets

Follow through with the steps in Step 2 - Secure Macro Transformation to Secrets (Security & Encryption)


  • Have your Confluence cloud instance ready. 

  • Select which secrets you want to migrate from the Server Migration Beta tab

  • Generate the migration key and passphrase from the Confluence server. 

  • Perform the transformation of the server Secure Macro to its cloud equivalent Secret.

  • After a successful migration, admins should check for Secret owners without add/delete restrictions and then grant them access. (See How do we check and bulk update add/delete restrictions?)

The improved version of Security and Encryption for Confluence Cloud utilizes zero-knowledge architecture. (To learn more, read What is a legacy secret?) Legacy secrets will be automatically converted when migrated to the cloud. To ensure that this transition happens smoothly, the Administrator executing the migration will be added as the owner of the secrets.

Step 3 - Troubleshooting Steps

Follow through with the steps in Step 3 - Troubleshooting Steps (Security & Encryption)


  • Ensure the Security and Encryption add-on is given the appropriate permission in space permissions.

  • Understand the type of error messages and what non-transformed secrets look like. 

Next Steps: 

To go back to the migration hub, click here.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.