What do I do if a security scan finds a secret?

All secrets detected by a security scan should be considered compromised. Once a secret is published, anyone who had read access to the page could have obtained a copy. Locking down the permissions on the page, deleting it, or deleting all the page versions which contained the secret is a good step, but doesn’t sufficiently remediate the risk.

Soteri recommends to:

• Change the secret.

  • If a password is found, change it.

  • If an access token is found, generate a new access token and update your services to use the new token. Once all your services have been updated, revoke the old token.

• Delete the secret from Confluence. Secrets improperly stored in Confluence, revoked or not, send the signal to users that secrets can be stored this way.