Forge App for Confluence
SentinelVault
Free & Open SourceAtlassian Forge
Open source attachment protection & concurrent-edit prevention for Confluence Cloud. Seal files, detect violations, auto-revert changes.
Free & Open Source Forge App
Confluence Cloud
File Locking & Auto-Revert
Overview
Confluence has no native file-locking mechanism. Any user with edit access can upload a new version of any attachment at any time — leading to concurrent edit conflicts, accidental overwrites, and no accountability. SentinelVault solves this by adding a platform-enforced seal (lock) layer on top of Confluence attachments.
File Sealing
Platform-enforced locks on individual attachments. Only the seal holder can modify the file. Seals track ownership, expiry, version, and download state.
Violation Detection & Auto-Revert
Real-time monitoring of attachment edits, deletions, and page content tampering. Violations are automatically reverted within seconds.
Beyond protection, SentinelVault provides full attachment management — upload, label, delete, restore — and multi-channel notifications that keep everyone informed about file status changes.
Getting Started
After your Confluence site administrator installs SentinelVault, you can start using it immediately.
1
Install & Add the Macro
Navigate to any Confluence page with attachments. Open the page editor and insert the Sentinel Vault macro from the macro browser (under the Admin category). Publish the page.
2
Seal an Attachment
The inline panel shows all attachments and their seal status. Click Seal next to any attachment you want to protect before editing.
3
Edit & Unseal
Edit the file with confidence — no one else can overwrite it while your seal is active. When done, click Unseal to release the lock. Watchers are notified.
If your administrator has enabled Auto-Insert Macro on Seal, you don't need to manually add the macro. The panel is automatically inserted into the page the first time you seal an attachment.
The Inline Panel
The primary interface for SentinelVault. A macro block embedded directly in your Confluence page, showing every attachment with its current seal status.
Features
Grouped sections — Sealed, Missing, and Available
One-click seal and unseal with countdown timer
Watch files sealed by others for release notifications
Add and remove labels for organization
Delete, Restore, and Purge lifecycle management
Drag-and-drop upload zone (max 4 MB per file)
Expandable Card Rows
Click the expand arrow on any attachment to reveal additional details:
- Thumbnail previews — Image attachments show a lazy-loaded preview for quick visual identification.
- View link — Opens the attachment preview directly in Confluence.
- Properties link — Opens the Confluence attachment properties page.
- Full metadata — Sealed by, time remaining, file size, file type, date, and version number.
The Overlay
A full-screen modal for comprehensive attachment management. Open it by clicking Manage Attachments in the page banner or from within the inline panel.
Column Picker & Sort
Toggle visible columns. Sort by name, status, time remaining, or date. Preferences persist across sessions.
Pagination & Panel Toggle
Load more attachments for pages with many files. Show or hide the inline panel macro directly from the overlay.
Full Actions
Seal, unseal, upload, label, watch, delete, restore, and purge — all available from one interface.
The Page Banner
A persistent notification bar at the top of every Confluence page with sealed attachments. Provides at-a-glance seal status and quick access to the overlay.
Banner Features
- Seal count — Shows how many attachments are currently sealed on this page.
- Conflict alerts — Displays alerts when someone attempts to modify a sealed file, with automatic rollback confirmation.
- Expiry warnings — Alerts when your seals are overdue.
- Manage Attachments — Opens the overlay for full attachment management.
The banner auto-refreshes every 5 seconds to reflect changes made in other surfaces (overlay, inline panel) without requiring a full page reload.
Sealing & Violation Detection
A seal is a platform-enforced lock on a specific attachment. When sealed, a record stores the operator, timestamp, expiry, version, and download link. If anyone attempts to modify a sealed attachment, SentinelVault intervenes automatically.
Edit Protection
If someone uploads a new version of a sealed attachment, the previous version is automatically downloaded and re-uploaded, restoring the original file.
Trash Protection
If someone moves a sealed attachment to the trash, it is automatically restored. Permanent deletions trigger cleanup and owner notification.
Content Protection
If a sealed embed is removed from the page body, it is surgically re-inserted at its original position without reverting other page changes.
All three violation types are handled automatically within seconds, with zero manual intervention. The seal holder's files and embeds are fully restored.
Watch / Notify Me
When you need to edit a file that's currently sealed by someone else, click Watch. You'll receive an email notification the moment the seal is released — whether manually, by expiry, or by steward override.
Sealing prevents modification (uploading a new version), not viewing. All users with page access can still download and view sealed attachments.
Attachment Management
Full attachment lifecycle management. Each capability is controlled by a separate administrator toggle.
| Action | What It Does | Admin Setting |
|---|---|---|
| Upload | Drag and drop or click to upload new attachments (up to 4 MB per file) | Always available |
| Labels | Add and remove labels on any attachment for organization and filtering | Always available |
| Delete | Remove unsealed attachments from the page (moves to Confluence trash). Sealed attachments cannot be deleted. | Allow Attachment Removal |
| Restore | Recover trashed attachments that still have seal data in SentinelVault | Allow Attachment Restore |
| Purge | Clean up leftover seal records for attachments that have been permanently deleted from Confluence | Allow Seal Cleanup |
Macro Configuration
The inline panel macro can be customized per instance via the macro settings icon.
| Setting | Options | Default |
|---|---|---|
| Column Visibility | Toggle: name, status, seal owner, labels, comment, actions, file size, file type, expiry | All visible |
| Items Per Page | 5, 10, 15, or 25 | 15 |
| Cards Per Row | 1, 2, or 3 | 2 |
| Show Upload Zone | On / Off | On |
Notification Channels
Five independent notification channels, each configurable in the Steward Console.
| Channel | Description | Visibility |
|---|---|---|
| Toast Messages | In-app popup notifications for immediate feedback on seal/unseal actions | Current user session |
| Page Banners | Persistent ribbon alerts at the top of the affected Confluence page | All page visitors |
| Page Comments | Automated comments posted to the page footer, tagging involved users with @mentions | All page viewers |
| Email Alerts | Templated HTML emails for seal confirmations, violations, reminders, and releases (8 email types) | Email recipients |
| Watch Notifications | Release emails sent to users who are watching a sealed attachment | Watchers only |
Email Types
SentinelVault sends eight distinct email types, each with its own professionally designed HTML template:
- Seal confirmation — confirming the duration and expiry
- Violation alert — when an unauthorized edit, trash, or deletion is detected and reverted
- Halfway reminder — when a seal reaches 50% of its configured duration
- Expiry notification — when a seal has expired and action is required
- Auto-release notice — when a seal is automatically released after expiry
- Periodic reminder — sent on a recurring schedule when expiry notifications are disabled
- Release notification — sent to watchers when a seal is manually released
- Steward override — sent to the seal owner when a steward force-unseals their attachment
Email notifications are optional and powered by Resend. All other channels (toast, banner, comment) work without any external configuration. If the API key is not set, emails are silently skipped.
Steward Console (Global Admin)
Accessible via Confluence Administration → Apps → Sentinel Vault Admin. Only site administrators can access this panel.
General Tab
| Setting | Description | Default |
|---|---|---|
| Default Seal Duration | How long attachments stay sealed (hours, minimum 1). Individual spaces can override this. | 24 hours |
| Allow Steward Force-Unseal | Allow stewards to unseal attachments sealed by other users | Off |
| Enable Seal Expiry Notifications | When on, users get expiry notifications and seals are released automatically. When off, seals persist past expiry with periodic reminders. | On |
| Allow Attachment Removal | Users can delete unsealed attachments from the panel (moves to trash) | Off |
| Allow Attachment Restore | Users and stewards can restore trashed attachments with seal data | Off |
| Allow Seal Cleanup | Users and stewards can purge leftover seal entries for deleted attachments | Off |
| Protect Sealed Attachments in Page Body | Automatically undo page edits that remove sealed media embeds | On |
| Auto-Insert Macro on Seal | Automatically insert the Sentinel Vault panel when an attachment is sealed | Off |
| Replace Attachments Macro | When inserting the panel, replace the built-in Confluence Attachments macro (only visible when auto-insert is on) | Off |
| Reminder Frequency | How often to send periodic reminder emails, in days (only visible when expiry notifications are off) | 7 days |
Alerts Tab
| Setting | Description | Default |
|---|---|---|
| Pop-up Notifications | In-app toast popups for seal/unseal actions and violations | On |
| Page Status Banners | Persistent banner at the top of pages with sealed attachments | On |
| Page Comments | Confluence comments posted on seal events with @mentions | On |
| Email Notifications | Master toggle for all email types (must be on for sub-options to work) | On |
| Seal Confirmation Emails | Confirmation email after sealing (nested under email toggle) | On |
| Seal Expiry Reminder Emails | Reminder when a seal has expired (nested under email toggle) | On |
| Recurring Reminder Emails | Periodic reminders when expiry notifications are off (nested under email toggle) | On |
Realm Console & Roles
Space-level administration via Space Settings → Apps → Sentinel Vault.
Console Tabs
- My Sealed Files — View all attachments you have sealed in this space with a Relinquish button. (All users)
- Realm Sealed Files — View all sealed attachments across the space with column picker, sort, force-unseal, and watch. (Stewards only)
- Access Control — Realm activation toggle, steward management, guilds (group teams), and pending access requests. (Stewards only)
- Reservation Duration — Use the system default or set a custom per-space seal duration. (Stewards only)
- Macro — Configure auto-insertion of the panel macro and choose top or bottom page position. (Stewards only)
Roles & Permissions
| Role | Who | Capabilities |
|---|---|---|
| Operator | Any Confluence user with page edit access | Seal/unseal their own attachments, view seal status, watch others' seals, upload, label, request steward access |
| Realm Steward | Space administrators & delegated users | All operator capabilities + force-unseal, access control, realm policy, seal audit, approve/deny access requests |
| Guild Member | Members of designated Confluence groups | Same as Realm Steward — all guild members automatically receive steward privileges in the configured space |
| Site Administrator | Confluence site/org admins | Full access: global settings via Steward Console, steward capabilities in all spaces |
Steward status is determined by any of: Confluence space ADMINISTER permission, membership in a configured guild, explicit steward delegation, or site/org admin status. Regular users can request steward access — denied users may re-request after 48 hours.
Limits, Duration & Maintenance
Seal Duration & Expiry
Every seal has a duration, after which it is eligible for automatic release. The effective duration is resolved in order:
- Space override — Custom duration set in the Realm Console (if configured).
- Global default — Duration set in the Steward Console (default: 24 hours).
- Baseline fallback — 48 hours (hardcoded, used only when no admin configuration exists).
When expiry notifications are enabled (default), the hourly Expiry Sweep automatically releases expired seals and sends notification emails. When disabled, expired seals persist (showing “Overdue”) and the system sends periodic reminder emails.
Limits & Constraints
| Constraint | Limit | Notes |
|---|---|---|
| Upload file size | 4 MB | Per file, via the inline panel or overlay upload zone |
| Forge function timeout | 25 seconds | Realm scan consumer has extended 900-second timeout for large space audits |
| Seal duration | Configurable | Minimum 1 hour. Set via Steward Console or Realm Console. |
| Content protection retries | 3 attempts | Exponential backoff for version conflicts during page restoration |
| Email delivery | Per Resend plan | Free tier: 100 emails/day. 3 retries with exponential backoff on rate limits. |
| Steward re-request cooldown | 48 hours | After a denied steward access request |
Automated Maintenance
| Task | Frequency | Purpose |
|---|---|---|
| Expiry Sweep | Hourly | Releases expired seals, sends halfway reminder emails at 50% duration, sends expiry notification emails |
| Seal Index Cron | Hourly | Rebuilds performance indexes for realm seal lookups, using timestamp optimization to skip unnecessary scans |
| Recurring Nudge | Daily | Sends periodic reminder emails about sealed attachments (only when expiry notifications are disabled) |
| Realm Scan Consumer | On demand | Background queue processor for space-level seal auditing, triggered by stewards from the Realm Console |
| Attachment Trigger | Real-time | Detects and responds to attachment updated, trashed, and deleted events |
| Page Content Trigger | Real-time | Detects removal of sealed media embeds from page content and surgically re-inserts them |
All data is stored in Forge KVS within the Atlassian Cloud platform. The only external service is Resend for email delivery (optional), which receives only the notification content, not your file data.
Coming Soon
SentinelVault is actively developed. Here's what's on the roadmap:
Coming Soon
Edit Requests
Allow one or multiple users to edit a sealed attachment without granting full steward permissions. Collaborative editing with controlled access — the seal owner approves who can edit.
Coming Soon
Content Sealing
Go beyond attachments. Lock specific sections of a Confluence page to prevent unauthorized edits to critical content areas — headings, tables, decision logs — while leaving the rest of the page editable.
Coming Soon
Conditions & Validations
Add rules and validations to Confluence pages that are enforced on create and edit. Ensure content meets standards — required fields, formatting rules, approval gates — before publishing.
Coming Soon
Semantic AI Validations
AI-powered content validation using your own API keys (BYOK). Validate page content against custom rules, style guides, tone requirements, and compliance standards automatically.
Frequently Asked Questions
Can I seal multiple attachments on the same page?
Yes. Each attachment has its own independent seal. Multiple users can hold seals on different attachments on the same page simultaneously.
What happens if I seal a file and forget about it?
If expiry notifications are enabled (default), the seal will automatically expire after the configured duration. You'll receive a reminder email at the halfway mark. If expiry notifications are disabled, the seal persists and you'll receive periodic reminders.
Can someone still view a sealed attachment?
Yes. Sealing prevents modification (uploading a new version), not viewing. All users with page access can still download and view sealed attachments.
What happens when I remove a sealed image from a page?
If content protection is enabled (default), SentinelVault detects the removal and surgically re-inserts the sealed embed at its original position. Your other page changes are preserved — only the sealed media is restored.
How do I know when a sealed file becomes available?
Click Watch on any sealed attachment. You'll receive an email notification the moment the seal is released.
What are guilds?
Guilds are Confluence groups assigned as steward teams in a space's Access Control settings. All members of a guild automatically have steward privileges in that space, without needing individual delegation.
How do I request steward access?
Open the Realm Console from space settings. In the My Sealed Files tab, click "Request Steward Access." A steward will review your request. If denied, you can re-request after 48 hours.
The delete/restore/purge buttons aren't visible.
These actions are disabled by default. A site administrator must enable them individually in the Steward Console General tab.
Is my data stored outside of Atlassian?
No. All seal records and configuration are stored in Forge KVS, which is hosted within the Atlassian Cloud platform. The only external service is Resend for email delivery (optional), which receives only the notification content, not your file data.
What if the Resend API key is not configured?
Email notifications will be silently skipped. All other channels (toast, banner, comment) continue to work normally. No errors are raised.
Free & Open Source
Open Source on GitHub
Free on Atlassian Marketplace — coming soon! Currently in certification with Atlassian. The complete source code is available on GitHub for transparency and community contribution.