Secret Sentinel – Password Leak Scanner for Confluence and Jira

Automatically detect and redact leaked passwords, API keys, and tokens in Confluence and Jira. Prevent credential leaks and optionally escalate high-risk detections into Jira for fast remediation.

Secret Sentinel – Password Leak Scanner for Confluence and Jira

What is Secret Sentinel?

Secret Sentinel is a security automation solution for Atlassian Confluence and Jira that automatically detects and redacts leaked credentials such as passwords, API keys, and tokens.

Secret Sentinel is delivered as two separate Forge apps:

  • Secret Sentinel for Confluence – protects Confluence pages and comments
  • Secret Sentinel for Jira – protects Jira work items and comments

Each app works independently within its product.

Optionally, Confluence detections can create Jira security incidents (requires installing both apps on the same Atlassian site).

Built entirely on Atlassian Forge. No external services. No environment variables.

Features

  • Automatic secret detection
    Detects leaked passwords, API keys, private keys, and tokens using proven patterns.

  • Safe redaction
    Secrets are removed directly inside Confluence pages, comments, inline comments, Jira work item titles, descriptions, and comments.

  • Jira incident escalation (optional)
    High-risk leaks can automatically create Jira security incidents for tracking and remediation.

  • Severity-based escalation
    Escalate only critical secrets such as AWS keys, GitHub tokens, and private keys.

  • Confluence and Jira support
    Available as separate apps for Confluence and Jira, with independent configuration per product.

  • Enterprise-ready architecture
    Runs fully on Atlassian Forge with minimal dependencies and no external data processing.

Benefits

With Secret Sentinel, teams can:

  • Prevent credential leaks before they cause incidents
  • Eliminate manual secret cleanup in Confluence and Jira
  • Enforce consistent security hygiene across teams
  • Respond faster to high-risk leaks using Jira workflows
  • Stay compliant without sending data to third-party services

How it works

  1. Content is created or updated in Confluence or Jira
  2. Secret Sentinel scans the content automatically
  3. Detected secrets are safely redacted in place
  4. If enabled, a Jira security incident is created for tracking remediation

All processing happens inside Atlassian infrastructure.

Get started

Protect your Confluence and Jira content from credential leaks in minutes.