Confluence

Protect your Confluence content. Real-time, blazing fast scanning of pages, comments and even attachments!

Setup

Since Spectral never keeps your secrets and content, we provide an AWS Lambda function that you deploy in your organization's AWS account.
Required permissions in AWS:

cloudformation:DescribeStacks
iam:CreateRole
iam:DeleteRole
apigateway:POST
logs:CreateLogGroup
iam:PutRolePolicy

In addition, you'll add a Confluence webhook to send relevant events to this Lambda.

Deploy the Lambda

Launch stack

After the stack is deployed, grab the function's API Gateway URL; we'll use it next.

Add Confluence Webhook

Go to your Confluence instance and install the webhooks manager extension (costs $1 per user per month).

Add a new webhook in the webhook manager (change YOUR_ACCOUNT to your instance domain in this URL: https://YOUR_ACCOUNT.atlassian.net/wiki/plugins/servlet/ac/com.stiltsoft.confluence.cloud.webhooks/admin-webhooks-page)

Make sure to configure:

  • Webhook URL to point to your function endpoint (shown on your new Lambda's page in the AWS console after deploying)
  • Add a query string param: webhook_token and set it to the same webhook token you put in the CONFLUENCE_WEBHOOK_TOKEN parameter in your function
  • Set the event types of the webhook to: attachment created, comment created, comment updated, page created, page updated, content created, content updated

So, for example, if your Confluence event endpoint is https://random123.execute-api.us-east-1.amazonaws.com/prod/api/confluence_event and the token you set in your function env var is f4lmf4kl2ldoxxxxxx, the webhook URL you configure in Confluence should be: https://random123.execute-api.us-east-1.amazonaws.com/prod/api/confluence_event?webhook_token=f4lmf4kl2ldoxxxxxx
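The token-in-URL setup described above, as an added sketch that is not Spectral's code: it generates a token, builds the webhook URL, and shows a constant-time token check plus redaction for logs, since the token travels in the query string. The function names are hypothetical, and the `queryStringParameters` event shape assumes an API Gateway Lambda proxy integration.

```python
import hmac
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

PARAM = "webhook_token"  # query string parameter name from the setup steps


def new_token() -> str:
    """Random URL-safe value to use for CONFLUENCE_WEBHOOK_TOKEN (32 random bytes)."""
    return secrets.token_urlsafe(32)


def build_webhook_url(endpoint: str, token: str) -> str:
    """Append webhook_token to the function endpoint, replacing any existing one."""
    parts = urlsplit(endpoint)
    if parts.scheme != "https":
        raise ValueError("the token travels in the URL, so the endpoint must be https")
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True) if k != PARAM]
    query.append((PARAM, token))
    return urlunsplit(parts._replace(query=urlencode(query)))


def token_matches(event: dict, expected: str) -> bool:
    """Constant-time token check on an API Gateway proxy event (assumed shape)."""
    supplied = (event.get("queryStringParameters") or {}).get(PARAM) or ""
    # An unset expected token must never match an empty or missing parameter.
    return bool(expected) and hmac.compare_digest(supplied.encode(), expected.encode())


def redact(url: str) -> str:
    """Mask the token before a webhook URL is logged or pasted into a ticket."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == PARAM else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    # Sample values taken from the example in the text above.
    endpoint = "https://random123.execute-api.us-east-1.amazonaws.com/prod/api/confluence_event"
    url = build_webhook_url(endpoint, "f4lmf4kl2ldoxxxxxx")
    print(url)
    print(redact(url))
```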

That's it 💪

Your Confluence instance should now be monitored by Spectral.

Take it for a spin

Publish a page with a fake secret (like AKIA4HK52OLF2AAN9KWV) in a monitored space.