Confluence Integration

Overview

Argus's Confluence integration scans pages, templates, and attachments for credentials, API keys, and tokens stored inside your documentation. Works with Confluence Cloud and Confluence Data Center.

Prerequisites

• Confluence site admin (Cloud) or system admin (Data Center)
• An API token (Cloud) or Personal Access Token (Data Center)
• A Cremit Argus account

Step-by-Step Setup

Step 1: Create a Confluence API token

• Cloud: id.atlassian.com > Security > Create and manage API tokens
• Data Center: User Profile > Personal Access Tokens > Create token
• Label 'Cremit Argus' and copy immediately

Step 2: Add Confluence as a Scan Source

• Argus > Configuration > Scan Sources > New
• Select Confluence, then Cloud or Data Center
• Enter the Confluence base URL (for example, yourcompany.atlassian.net/wiki)
• Enter the authenticating email and paste the token
• Test Connection, then Create

Step 3: Choose Spaces to scan

Space is the scope unit for Confluence.

• Argus lists every space the token can access
• Enable key spaces or use Bulk Enable for full coverage
• Personal spaces can be toggled separately if you want to keep them out

Step 4: Configure what to scan inside a Space

• Pages (default ON): scans the current version of each page
• Templates (default ON): often used to paste example config
• Attachments (default OFF): enable to cover files uploaded to pages

Verification

To confirm the integration is configured correctly:

• Selected Spaces show a Healthy status and recent Last Scan timestamp
• Page counts in Scan Coverage roughly match what you see in Confluence
• Edits to pages trigger a re-scan within minutes
• No 401 or 403 errors appear in the source's activity log

Troubleshooting

Issue: A private Space is missing from the target list.

• Solution: The token owner must have at least Space Viewer permission on the Space. Either grant the permission or authenticate with a different account.

Issue: Archived pages are not scanned.

• Solution: Archived pages are excluded by default. Enable Include Archived under the source's Scan Settings if you need historical coverage.

Key Benefits

• Documentation is where paste-debugged secrets quietly accumulate
• Works across Cloud and Data Center in one source type
• Respects Confluence's permission model; Argus sees only what the token can see
• Templates scanning catches secrets pasted into 'Example config' sections