
Security

This section covers security-related topics.

Architectural Overview of WikiTraccs

The following image shows which building blocks are at play when running a WikiTraccs migration. You find details about each building block in the table below the image.

The building blocks explained:

| Building block | Purpose |
| --- | --- |
| Client’s computer | A computer running WikiTraccs. Uses Windows as operating system. You control this computer. |
| WikiTraccs console applications (GUI, Console) | WikiTraccs consists of two .NET-based console applications: WikiTraccs.GUI.exe and WikiTraccs.Console.exe. WikiTraccs is portable; no installation is necessary. |
| Confluence | The source Confluence environment that should be migrated to SharePoint. You decide whether this environment is connected to via HTTP or HTTPS by using the respective URL scheme (http://, https://) in the source address configuration of WikiTraccs. WikiTraccs’ TLS support is determined by the Windows host environment and the Confluence server. Note that when enforcing TLS 1.3 with Confluence, you have to use a migration machine with a recent Windows version with proper TLS 1.3 support (Windows 11 or newer, Windows Server 2022 or newer). |
| Confluence migration account | The account used to log in to Confluence. WikiTraccs uses the session of this account and therefore has access to everything this account has access to. |
| SharePoint, MS Graph | The Microsoft 365 target environment that will be migrated to. All connections are HTTPS and TLS-secured. For the state of TLS in Microsoft 365 have a look at Preparing for TLS 1.2 in Office 365 and Office 365 GCC. As Microsoft deprecated connections via TLS lower than 1.2, at minimum TLS 1.2 will be used when connecting to Microsoft 365 services. |
| SharePoint migration account | The account used to log in to SharePoint. The permission that WikiTraccs has is the intersection of this user’s permissions and the permissions configured for the Entra ID app registration. |
| Azure AD App Registration for WikiTraccs | Entra ID app registration that allows WikiTraccs to work with Microsoft services on an API level. See Registering WikiTraccs as app in Entra ID for details. |
| Locally stored files | WikiTraccs stores files locally on the system it runs on. Those files comprise: attachments downloaded from Confluence, log files, caches, WikiTraccs.GUI configuration, and debugging-related files (if certain debug settings are turned on). |
| Client’s migration team | This is your migration team. |
| WikiTraccs support | Support channels, mainly GitHub, email, and Microsoft Teams. Support might ask for log files to diagnose issues. You decide if you want to provide those log files. |
| Other services | See section Other Services below this table. |

Other Services

WikiTraccs has a minimum set of required endpoints that it needs when migrating data from Confluence to SharePoint Online. Those endpoints are documented in the WikiTraccs Endpoint Reference.

WikiTraccs might reach out to other service endpoints to enhance the migration tooling. No migration data is sent to other services except SharePoint Online.

Other service endpoints might be used for

  • downloading the Google Chrome WebDriver
  • downloading the Draw.io viewer
  • checking for new WikiTraccs releases, or
  • downloading external images.

Again, no migration data is transmitted to those endpoints.

Please refer to the WikiTraccs Endpoint Reference for a list of recommended and optional endpoints, as well as the article about locked down environments and the consequences of locking down: Locked-down environments.

Further Information

1 - Secure Development and Release

This article covers secure development and release practices for WikiTraccs.

Scope

WikiTraccs runs on the customer’s migration machine. No vendor‑hosted systems. Data stays local to the customer environment.

No Subprocessors

No vendor cloud hosting or third-party subprocessors are involved in product operation.

Development Workflow

  • Issues: public issues in a public GitHub repository; private reports tracked in a private repository
  • Branching: main for releases; features and fixes in separate branches

CI Checks

  • Antivirus scan
  • Static code analysis
  • Dependency and license scan
  • Known vulnerability scan
  • Secret scan

Release Integrity

  • Release artifacts are signed in CI
  • A checksum file lists per‑file hashes in the package
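As an added example (not WikiTraccs’ own release tooling), the following script checks an unpacked release package against its checksum file, so that an altered, corrupted or missing file is noticed before the migration machine executes anything from the package. It assumes the checksum file uses the common `<sha256 hex>  <relative path>` line format with two spaces as separator; the page only says that the file lists per-file hashes, so the format and the hash algorithm are assumptions here. The sample package it builds is constructed for the demonstration and contains no real binaries.

```python
"""Verify a release package against its per-file checksum list.

Added example; this is not WikiTraccs' own release tooling. It assumes the
checksum file uses the widespread ``<sha256 hex><two spaces><relative path>``
line format (an assumption: the page only says the file lists per-file
hashes), and that the hashes are SHA-256.
"""
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path


def parse_checksum_file(text: str) -> dict[str, str]:
    """Map relative file path -> expected lowercase hex digest."""
    expected: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, name = line.partition("  ")
        name = name.strip().lstrip("*")  # sha256sum marks binary mode with '*'
        if not sep or len(digest) != 64 or not name:
            raise ValueError(f"malformed checksum line: {raw!r}")
        expected[name.replace("\\", "/")] = digest.lower()
    return expected


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large files are not loaded into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_package(root: Path, checksum_text: str, ignore: tuple[str, ...] = ()) -> dict[str, list[str]]:
    """Compare every listed file under root with its expected hash.

    The report separates files that match, files whose hash differs (tampered
    or corrupted), listed files that are missing, and files present under root
    that the checksum file does not cover (those are not attested at all).
    'ignore' holds relative paths to skip, e.g. the checksum file itself.
    """
    expected = parse_checksum_file(checksum_text)
    report: dict[str, list[str]] = {"ok": [], "mismatch": [], "missing": [], "unlisted": []}
    for rel, digest in sorted(expected.items()):
        path = root / rel
        if not path.is_file():
            report["missing"].append(rel)
        elif sha256_of(path) == digest:
            report["ok"].append(rel)
        else:
            report["mismatch"].append(rel)
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root).as_posix()
        if path.is_file() and rel not in expected and rel not in ignore:
            report["unlisted"].append(rel)
    return report


def package_is_intact(report: dict[str, list[str]]) -> bool:
    """True only if nothing listed is missing or altered."""
    return not report["mismatch"] and not report["missing"]


def build_sample_package() -> tuple[Path, str]:
    """Constructed sample: a temp directory with two dummy files and a matching
    checksum text. The names mimic a package layout; the contents are not real
    binaries."""
    root = Path(tempfile.mkdtemp(prefix="wt-sample-"))
    files = {"WikiTraccs.Console.exe": b"constructed sample bytes", "lib/helper.dll": b"abc"}
    lines = []
    for rel, data in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(data)
        lines.append(f"{hashlib.sha256(data).hexdigest()}  {rel}")
    checksum_text = "\n".join(lines) + "\n"
    (root / "checksums.txt").write_text(checksum_text)
    return root, checksum_text


if __name__ == "__main__":
    root, text = build_sample_package()
    print(verify_package(root, text, ignore=("checksums.txt",)))
    (root / "lib" / "helper.dll").write_bytes(b"abd")  # simulate a tampered file
    print(verify_package(root, text, ignore=("checksums.txt",)))
```

The hash check only proves that the files match the list that shipped with them; whether that list is authentic is what the signature on the release artifacts is for, so both checks belong together. On Windows, `Get-AuthenticodeSignature` reports the signature state of the signed executables.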

Testing

  • Extensive unit test coverage
  • Manual testing of releases

Versioning and Support

  • Semantic Versioning (MAJOR.MINOR.PATCH)
  • Changelog documents all user-visible changes
  • Support policy: current GA and prerelease versions receive fixes; older versions are EOL

Vulnerability Disclosure and Response

  • Email reports to [email protected]
  • Acknowledge within one business day. Start on high‑impact issues immediately. Target fix in two weeks, subject to complexity.
  • Safe‑harbor for good‑faith research
  • security.txt

Supply Chain Hygiene

  • Dependencies are pinned via lock files
  • Builds are reproducible

2 - Data Storage and Transmission

This article is a resource where you can find information about stored data and data transmission.

This article covers one of the major concerns with any migration tool: handling of data.

WikiTraccs handles data securely.

Big Picture

WikiTraccs is a console application that connects to both Confluence and SharePoint Online during the Confluence to SharePoint migration.

It downloads content like pages and attachments from Confluence to a local directory. It processes this locally stored data and uploads it to SharePoint Online.

Where does WikiTraccs run? Is it a cloud service?

WikiTraccs is not a cloud service. WikiTraccs is a .NET-based console application that runs on a Windows workstation of your choosing.

The workstation WikiTraccs runs on can be any machine: your VPN-connected laptop at home, an on-premises server, a cloud VM - as long as it can connect to and authenticate with both Confluence and SharePoint Online it will work.

And because this question sometimes comes up: No, WikiTraccs does not need to run on the Confluence server.

Where does WikiTraccs store data? Is data being sent somewhere?

WikiTraccs stores data locally on the workstation it is running on.

This locally stored data includes:

  • page contents
  • attachments
  • log files
  • cached data and temporary files

There is no cloud storage involved, apart from SharePoint Online as migration target. Other migration tools use Azure or third-party storage solutions as temporary storage location before data is being moved to SharePoint Online. WikiTraccs does not do that. It directly uploads to SharePoint.

The data never leaves the workstation, except for SharePoint Online, which is the target of the migration.

This article has details on where WikiTraccs stores data on the migration machine: File Storage.

What level of encryption is used for data at rest?

Data at rest in the context of WikiTraccs is content stored on the workstation that is used to perform the migration and to run WikiTraccs. This data is not encrypted and can potentially be accessed by users of this workstation, depending on file system access permissions.

How is data transmission secured?

Connections use TLS version 1.2. For Confluence, some clients run their instance disconnected from the internet and connect via HTTP from their internal network, which WikiTraccs allows.

WikiTraccs uses the Confluence REST API as well as the SharePoint Online API and Microsoft Graph, when it comes to transmitting migrated content.

A complete list of endpoints used by WikiTraccs is shown in the Endpoint Reference.

Can WikiTraccs access all my data?

No, WikiTraccs can only access data you choose to let it have access to.

The access level of WikiTraccs depends on the migration accounts you choose for Confluence and SharePoint.

When starting a migration, you will authenticate with one user account in Confluence, with another user account in SharePoint. Since WikiTraccs accesses data in the context of those user sessions, it can only see what those accounts can see.

Example for Confluence: when starting the migration, you log in with an account that can only see pages from one space. WikiTraccs will only be able to migrate this one space since it cannot access other spaces.

Example for SharePoint: when starting the migration, you log in with an account that is site admin for all migration target sites, but doesn’t have access to other sites in the SharePoint tenant. WikiTraccs now also will only be able to access the migration target sites. Nothing else.

Can Wiki Transformation Project or Heinrich access my data?

No, unless you actively send it to me.

Where can I get an architectural overview, like, a diagram?

Please have a look at the Security article, which dives deeper.

3 - Endpoint Reference

This article is a resource where you can find endpoint information for WikiTraccs.

Required Endpoints

The following table lists the required endpoints for using WikiTraccs.

Microsoft 365

| Required Endpoint | Purpose |
| --- | --- |
| login.microsoftonline.com | Authentication with Microsoft |
| aadcdn.msftauth.net | Authentication with Microsoft |
| login.live.com | Authentication with Microsoft |
| COMPANY.sharepoint.com | Access to SharePoint APIs (note: replace COMPANY with the value valid for your environment) |
| graph.microsoft.com | Access to Microsoft Graph API |

Atlassian Confluence REST API

WikiTraccs uses the REST endpoints of Confluence.

The REST endpoints are expected under the following URL:

  • <confluencebaseurl>/rest/api/ (on-prem & cloud)
  • <confluencebaseurl>/api/v2 (cloud)

The following endpoints should be made available to WikiTraccs for ease of use. If those endpoints are blocked, it will lead to:

  • higher configuration effort
  • repeated configuration effort
  • reduced migration capabilities

Refer to the following article for information on the different endpoints and the consequences of blocking them: Locked-down environments.

Automatic Chrome WebDriver download

The Chrome WebDriver is used by WikiTraccs to show a browser window for Confluence authentication.

| Required Endpoint | Purpose | Owner info |
| --- | --- | --- |
| chromedriver.chromium.org | Chrome WebDriver version detection | Whois registrant: Google LLC (CA, US) |
| chromedriver.storage.googleapis.com | Chrome WebDriver download | Whois registrant: Google LLC (CA, US) |
| googlechromelabs.github.io/chrome-for-testing/latest-patch-versions-per-build-with-downloads.json | Chrome WebDriver version information for Chrome starting with version 115 | GitHub repository owner: Google Chrome team |
| edgedl.me.gvt1.com | Host for Chrome WebDriver downloads | Whois registrant: Google LLC (CA, US) |
| storage.googleapis.com | Host for Chrome WebDriver downloads | Whois registrant: Google LLC (CA, US) |

Refer to the troubleshooting section, specifically the instructions on how to manually work around the restrictions imposed by blocked endpoints.

Draw.io Endpoints

Refer to Prerequisites for Draw.io Preview Image Generation for information about endpoints related to Draw.io migration.

Optional Endpoints

Atlassian Confluence (On-Prem) XML-RPC

WikiTraccs uses the REST endpoints of Confluence with one exception.

There is one endpoint of the old XML-RPC API that is being used to read space permissions, since those are not available via the REST API. This endpoint is expected under the following URL:

  • <confluencebaseurl>/rpc/xmlrpc/

Space permissions are currently retrieved by WikiTraccs but not processed during the migration. It is currently not a problem if this endpoint is unavailable, but data about space permissions might be missing once a future release of WikiTraccs starts working with them.

4 - Running WikiTraccs in Locked-Down Environments

This article is a resource where you can find information about running WikiTraccs in locked-down environments.

The term “locked-down” in this article mainly refers to networking, where the network configuration in an environment prohibits WikiTraccs from calling anything other than Confluence and Microsoft 365-related endpoints.

Endpoints Required at Minimum

Please review the WikiTraccs Endpoint Reference for a list of required endpoints.

How Is the Migration Affected by Limited Endpoint Access?

The following migration tasks need endpoints other than Confluence and Microsoft 365:

  1. Logging in to Confluence using Interactive authentication (requires downloading Chrome Webdriver)
  2. Migrating external images (requires downloading those external images)
  3. Migrating Confluence Cloud whiteboards (requires Chrome Webdriver)
  4. Creating draw.io preview images (requires downloading the draw.io diagram viewer and potentially linked resources like images and fonts, as well as the Chrome Webdriver)
  5. Migrating Jira macros (requires reaching out to Jira)
  6. Checking for WikiTraccs updates (requires reaching out to GitHub)

The following sections describe implications, related WikiTraccs settings, and workarounds for any of the above points.
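The following script is an added example, not part of WikiTraccs, that turns the Endpoint Reference and the task list above into a pre-flight check for a migration machine: it attempts a TLS handshake with each required Microsoft 365 host (refusing anything below TLS 1.2, as Microsoft 365 does) and with the Chrome WebDriver download hosts, then reports which migration tasks are lost when a host is blocked and which documented setting or workaround applies. The host lists and task dependencies are transcribed from this page; `COMPANY.sharepoint.com` is the page’s placeholder for your tenant, and because the page names no hostnames for Jira or for the GitHub update check, the Jira host is passed in by the caller and `github.com` is an assumed host.

```python
"""Probe the endpoints WikiTraccs needs and map blocked ones to migration tasks.

Added example; not part of WikiTraccs. Host lists and task dependencies are
transcribed from the Endpoint Reference and the locked-down-environments
article. COMPANY.sharepoint.com is the page's placeholder for your tenant; the
Jira host is supplied by the caller and github.com is an assumed host, since
the page lists neither.
"""
from __future__ import annotations

import socket
import ssl
from typing import Iterable

REQUIRED_M365 = [
    "login.microsoftonline.com",
    "aadcdn.msftauth.net",
    "login.live.com",
    "COMPANY.sharepoint.com",  # placeholder from the page: substitute your tenant
    "graph.microsoft.com",
]

# Any one of these being blocked breaks the automatic Chrome WebDriver download.
CHROME_WEBDRIVER_HOSTS = {
    "chromedriver.chromium.org",
    "chromedriver.storage.googleapis.com",
    "googlechromelabs.github.io",
    "edgedl.me.gvt1.com",
    "storage.googleapis.com",
}

# Migration task -> dependency groups it needs beyond Confluence and Microsoft 365.
TASK_DEPENDENCIES = {
    "Interactive Confluence authentication": {"chrome-webdriver"},
    "External image migration": {"external-image-hosts"},
    "Confluence Cloud whiteboard migration": {"chrome-webdriver"},
    "draw.io preview image generation": {"chrome-webdriver", "drawio-viewer"},
    "Jira macro migration": {"jira"},
    "WikiTraccs update check": {"github"},
}

# Ways to proceed that the article documents when a task's endpoints are blocked.
WORKAROUND = {
    "Interactive Confluence authentication": "authenticate with a Personal Access Token",
    "External image migration": "turn off external image download in the settings",
    "Confluence Cloud whiteboard migration": "turn off whiteboard migration in the settings",
    "draw.io preview image generation": "disabled automatically when the start-of-run test fails",
    "Jira macro migration": "apply the 'Prevent WikiTraccs from reaching out to Jira' snippet",
}


def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Open a TCP + TLS connection and report reachability and TLS version."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # Microsoft 365 rejects older versions
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return {"host": host, "reachable": True, "tls": tls.version(), "error": None}
    except OSError as exc:  # DNS failure, firewall drop, refused or failed handshake
        return {"host": host, "reachable": False, "tls": None, "error": str(exc)}


def missing_required(results: Iterable[dict]) -> list[str]:
    """Required Microsoft 365 hosts that did not complete a TLS 1.2+ handshake."""
    reachable = {r["host"] for r in results if r["reachable"]}
    return [h for h in REQUIRED_M365 if h not in reachable]


def blocked_groups(unreachable_hosts: Iterable[str], jira_host: str | None = None) -> set[str]:
    """Translate unreachable hostnames into the dependency groups above."""
    hosts = set(unreachable_hosts)
    groups: set[str] = set()
    if hosts & CHROME_WEBDRIVER_HOSTS:
        groups.add("chrome-webdriver")
    if jira_host and jira_host in hosts:
        groups.add("jira")
    if "github.com" in hosts:  # assumed host for the update check; not stated on the page
        groups.add("github")
    return groups


def lost_tasks(groups: set[str]) -> dict[str, str]:
    """Migration tasks that cannot run, with the documented workaround if any."""
    return {
        task: WORKAROUND.get(task, "no workaround documented")
        for task, deps in TASK_DEPENDENCIES.items()
        if deps & groups
    }


if __name__ == "__main__":
    results = [probe(h) for h in REQUIRED_M365 + sorted(CHROME_WEBDRIVER_HOSTS)]
    for r in results:
        state = f"ok {r['tls']}" if r["reachable"] else f"BLOCKED: {r['error']}"
        print(f"{r['host']:40} {state}")
    print("missing required:", missing_required(results))
    unreachable = {r["host"] for r in results if not r["reachable"]}
    for task, fix in lost_tasks(blocked_groups(unreachable)).items():
        print(f"lost: {task} -> {fix}")
```

Run it on the migration machine itself, with the same proxy settings the migration will use, since a host that is reachable from an administrator’s workstation may still be blocked for that machine. A required host in the `missing required` list must be opened before the migration can work at all; a blocked optional host only removes the tasks printed as lost.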

Major Impact: Blocking Chrome Webdriver Download

Several migration tasks need to be run in a real Chrome browser which is controlled by WikiTraccs.

To remote-control the browser, WikiTraccs will automatically download the required tool, the Chrome Webdriver.

Required endpoints are documented here: Endpoints - Automatic Chrome Webdriver Download.

If any of the required endpoints is blocked, you can manually provide the correct configuration values and Chrome Webdriver version as described here: How to handle blocked Google Chrome Webdriver Endpoints.

Note that if you cannot provide the Chrome Webdriver to WikiTraccs, you’ll lose several features like interactive authentication, whiteboard migration, draw.io preview image generation, and access to some Confluence APIs that are not accessible otherwise (mostly Cloud-related).

Refer to some of the following sections for details.

Blocking Interactive Authentication

When choosing Interactive authentication for Confluence, WikiTraccs needs to open and remote-control a browser for you to be able to log in to Confluence, and to get the session cookies.

When Chrome Webdriver download is blocked, Interactive Authentication is not possible anymore.

Use Personal Access Token or one of the workarounds reserved for harder cases.

Blocking Migration of External Images

Confluence allows using images from external (non-Confluence) locations in wiki pages. When such a page opens, the browser will load the image from the external location.

SharePoint Online doesn’t allow loading images from external locations due to privacy concerns. That’s why WikiTraccs, when migrating such a page, downloads the external image and uploads it as page attachment to SharePoint.

If external endpoints are blocked, those external images will be missing in SharePoint.

Note that you can explicitly turn off downloading of external images in WikiTraccs’ settings, speeding up the migration, as WikiTraccs then won’t reach out to external hosts.

Blocking Whiteboard Download (Confluence Cloud)

Whiteboard download needs to be done in a browser that is controlled by WikiTraccs, which requires the Chrome Webdriver to be in place.

See above section Blocking Interactive Authentication, the same reasoning applies.

Note that you can explicitly turn off whiteboard migration in WikiTraccs’ settings.

Blocking Draw.io Image Generation

Draw.io image generation needs to be done in a browser that is controlled by WikiTraccs, which requires the Chrome Webdriver to be in place.

See above section Blocking Interactive Authentication, the same reasoning applies.

Furthermore, at least one additional endpoint is required to download the draw.io viewer application. See Prerequisites for Draw.io Preview Image Generation for details.

When starting a migration run, WikiTraccs tests if draw.io images can be generated. If not, the feature is automatically disabled during this migration run.

Blocking Jira Access

You can prevent WikiTraccs from reaching out to Jira by using this configuration snippet: Prevent WikiTraccs from reaching out to Jira.

Proxy Configuration

When configuring *_PROXY environment variables, make sure to add http://localhost to the NO_PROXY environment variable. This is required for the automated Chrome browser to work properly.
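As an added example that is not WikiTraccs’ own code, the following check reads the `*_PROXY` variables of a migration machine and reports whether `NO_PROXY` actually covers `localhost`, plus which of your own hosts (Confluence, SharePoint) would bypass the proxy. It assumes the conventional semantics of `HTTP_PROXY`, `HTTPS_PROXY` and `NO_PROXY` (a comma-separated host list, an optional scheme prefix, an optional port, a leading dot meaning suffix match); the page itself only states that `http://localhost` must be listed for the automated Chrome browser to work.

```python
"""Sanity-check *_PROXY environment variables before starting a migration run.

Added example; not WikiTraccs' own code. It assumes the conventional semantics
of HTTP_PROXY, HTTPS_PROXY and NO_PROXY (comma-separated host list, optional
scheme prefix, optional port, leading dot = suffix match). The page only
states that http://localhost must be in NO_PROXY for the automated Chrome
browser to work.
"""
from __future__ import annotations

import os
from urllib.parse import urlsplit


def _normalize_entry(entry: str) -> tuple[str, str | None]:
    """Reduce one NO_PROXY entry to (host, port-or-None), dropping any scheme."""
    e = entry.strip().lower()
    if "://" in e:
        e = urlsplit(e).netloc  # 'http://localhost' -> 'localhost'
    host, _, port = e.partition(":") if e.count(":") == 1 else (e, "", "")
    return host.lstrip("."), port or None


def no_proxy_covers(no_proxy: str, host: str, port: int | None = None) -> bool:
    """True if a request to host[:port] bypasses the proxy under this NO_PROXY."""
    host = host.lower()
    for entry in no_proxy.split(","):
        if not entry.strip():
            continue
        h, p = _normalize_entry(entry)
        if p is not None and port is not None and p != str(port):
            continue  # entry is port-specific and the port differs
        if h == "*" or host == h or host.endswith("." + h):
            return True
    return False


def check_proxy_env(env: dict[str, str]) -> list[str]:
    """Return a list of findings; an empty list means nothing to fix.

    Variable names are matched case-insensitively because Windows treats
    HTTP_PROXY and http_proxy as the same variable.
    """
    lower = {k.lower(): v for k, v in env.items()}
    http_proxy = lower.get("http_proxy", "")
    https_proxy = lower.get("https_proxy", "")
    no_proxy = lower.get("no_proxy", "")
    if not (http_proxy or https_proxy):
        return []  # no proxy configured, so NO_PROXY is irrelevant
    findings = []
    for name, value in (("HTTP_PROXY", http_proxy), ("HTTPS_PROXY", https_proxy)):
        if value and not urlsplit(value).hostname:
            findings.append(f"{name} is not a proxy URL with a host: {value!r}")
    if not no_proxy_covers(no_proxy, "localhost"):
        findings.append("NO_PROXY does not include localhost; add http://localhost, "
                        "which the automated Chrome browser requires")
    return findings


def bypass_report(no_proxy: str, hosts: list[str]) -> dict[str, bool]:
    """Which of the migration's own hosts bypass the proxy (True) or use it (False)."""
    return {h: no_proxy_covers(no_proxy, h) for h in hosts}


if __name__ == "__main__":
    findings = check_proxy_env(dict(os.environ))
    for line in findings or ["proxy environment looks fine"]:
        print(line)
    # Constructed placeholders: replace with your Confluence host and tenant.
    print(bypass_report(os.environ.get("NO_PROXY", ""),
                        ["confluence.corp.example", "COMPANY.sharepoint.com"]))
```

The bypass report is there because an on-premises Confluence reached over the internal network typically belongs in `NO_PROXY` while the Microsoft 365 hosts should go through the proxy; seeing both columns side by side makes a misplaced entry obvious before the first failed login.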

5 - Data Processing Agreement - WikiTraccs

This article is a resource where you can find information about DPA-related topics for WikiTraccs.

WikiTraccs is a console application that runs on a customer-controlled machine and connects only to the customer’s Atlassian Confluence and Microsoft SharePoint Online.

Product network interactions for transparency:

  • If your Confluence pages reference third-party resources (for example external images), your environment may contact those external hosts to fetch them. Those hosts receive your egress IP address and act as independent controllers. You control these calls through your configuration and network policies. (Privacy Policy)

If you choose to send support artifacts such as log excerpts or screenshots, I act as a processor only for those materials under your instructions. Artifacts are handled in Exchange Online with data stored in Germany and are deleted within 30 days after issue resolution.

If you require a support-only DPA for this narrow scope, see the template below.

Support Data Processing Addendum (support artifacts only) [Template]

Parties

  • Customer (Controller): [Customer legal name], [Customer address]
  • Service Provider (Processor): Wiki Transformation Project - Heinrich Ulbricht (sole proprietor)

Definition

“Support Matter” means a discrete, customer-initiated request for assistance submitted via email or similar channel.

1. Subject Matter and Duration

1.1 Processing is limited to support artifacts that the Customer voluntarily provides (e.g., log excerpts, screenshots, redacted sample pages) for the sole purpose of diagnosing and resolving WikiTraccs support requests. Processing lasts only for the Support Matter.

1.2 Where such processing occurs, the Customer is the Data Controller and the Service Provider is the Data Processor of such Personal Data, except where the Customer acts as a Data Processor of Personal Data, in which case the Service Provider is a Data Sub-Processor.

1.3 The Service Provider deletes all artifacts within 30 days after Support Matter resolution unless law requires longer retention.

2. Nature and Purpose of Processing

Viewing, storing, analyzing, and communicating about the artifacts to provide support for WikiTraccs. There is neither operation of hosted services nor access to the Customer’s production systems.

3. Categories of Personal Data and Data Subjects

3.1 Categories of personal data may include business contact data and any personal data incidentally contained in artifacts.

3.2 Categories of data subjects may include the Customer’s employees or users. Special categories are not expected. The Customer will avoid sending secrets, credentials, or special-category data to the Service Provider.

4. Documented Instructions

The Service Provider acts only on the Customer’s documented instructions in tickets or email. If an instruction appears unlawful under the GDPR, the Service Provider will promptly inform the Customer.

5. Confidentiality

The Service Provider ensures that all persons authorized to process the data have committed themselves to confidentiality.

6. Security Measures (Art. 32 GDPR)

The Service Provider maintains appropriate measures for this limited scope, including access controls, malware-protected workstations, encrypted storage at rest, encrypted transmission, least-privilege access, and secure deletion.

7. Sub-Processors

7.1 The Service Provider uses the following sub-processor solely for email handling of support artifacts:

  • Name: Microsoft Ireland Operations Limited
  • Service: Exchange Online (Microsoft 365)
  • Processing: receipt, storage, and transmission of support emails and attachments containing support artifacts
  • Primary data location: Germany (tenant setting)
  • Safeguards: encryption in transit and at rest; EU Standard Contractual Clauses and Microsoft data protection terms

7.2 The Customer consents to this sub-processor. The Service Provider will notify the Customer of intended changes to sub-processors with 30 days’ notice, and the Customer may object for justified reasons. No other sub-processors will be appointed without the Customer’s prior written consent.

8. International Data Transfers

No transfers of personal data outside the European Economic Area (EEA) are intended by the Service Provider. To the extent Microsoft, as sub-processor, accesses personal data from outside the EEA for service operations, such access is covered by appropriate safeguards, including the EU Standard Contractual Clauses.

9. Assistance

The Service Provider will reasonably assist the Customer with data subject requests, Data Protection Impact Assessments (DPIAs), and consultations, considering the limited scope and information available to the Service Provider.

10. Notification of Personal Data Breaches

The Service Provider will notify the Customer without undue delay after becoming aware of a personal data breach affecting artifacts.

11. Deletion and Return

At Support Matter resolution, the Service Provider will delete all artifacts, including any copies in Exchange Online mailboxes, within 30 days and, on request, confirm deletion in writing. The Service Provider cannot delete data on the Customer’s systems.

Dormant threads: If the Customer does not respond to a Service Provider request for 30 days, the Support Matter will be deemed resolved for deletion timing.

12. Audit and Information

The Service Provider will make available information necessary to demonstrate compliance with this Addendum and will allow one reasonable, document-based audit per year with 30 days’ notice. No on-site audits. No access to systems unrelated to support artifacts.

13. Precedence

This Addendum governs the processing of support artifacts. If it conflicts with other terms, this Addendum prevails for that processing.


Effective date: Effective on the date of the later signature below.

Accepted by:

Customer
Name: ______________________ Title: ___________ Date: ___________
Signature: __________________________

Service Provider
Name: Heinrich Ulbricht Title: Sole proprietor Date: ___________
Signature: __________________________