
Security

Credentials are stored at ~/.config/ctk/credentials.json with file permissions 0600 (owner read/write only). The config directory is created with 0700 permissions.

The file contains:

  • Confluence subdomain
  • Email address
  • API token (not your Atlassian password)
  • Timestamp of when credentials were stored

For CI/CD or MCP server deployment, credentials can be passed via environment variables instead of the file:

  • CONFLUENCE_DOMAIN
  • CONFLUENCE_EMAIL
  • CONFLUENCE_API_TOKEN

Environment variables take precedence over stored credentials.

ctk provides defense-in-depth for AI agent access through two independent security layers: API token scopes, enforced by Atlassian on the server side, and a local write opt-in, enforced by ctk itself before any request is made.

ctk uses Atlassian’s granular API token scopes. Create a Confluence app token at id.atlassian.com and select only the scopes you need.

Run ctk auth to see the full recommended scope list, or refer to the Configuration guide.

Read-only (8 scopes): Spaces, pages, folders, children/ancestors, comments, labels, attachments, and CQL search.

Full access (add 6 write/delete scopes): Create/update pages and folders, add comments and labels, delete pages and folders.

If a scope is missing, the Confluence API returns 403 — the operation is blocked at the API level before ctk even processes the response.

Write operations (create, update, delete, move pages/folders; add/remove labels; add comments) are disabled by default.

To enable writes, set CTK_ENABLE_WRITES=true. This is an explicit opt-in to prevent accidental modifications — even if the token has write scopes.

When writes are disabled:

  • Tool descriptions reflect only read actions
  • Write actions return a clear error message
  • The AI agent sees only what it can do

Individual tools can be disabled with CTK_DISABLED_TOOLS:

    CTK_DISABLED_TOOLS="manage_comments,manage_attachments" ctk mcp

Disabled tools are not registered with the MCP server at all — they don’t appear in the tool list.

The built-in rate limiter prevents accidental API abuse:

  • 20 requests per minute maximum
  • Token-bucket algorithm: the bucket holds 20 tokens and one token is refilled every 3 seconds
  • Applies to all HTTP methods

If the rate limit is exceeded, the request fails immediately with an error (no retry/backoff).
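A minimal fail-fast token bucket with the parameters described above, added here as an illustration (it is not ctk's own code); the clock is injected so the refill arithmetic can be checked without waiting:

```typescript
// Added example, not ctk's own implementation: a fail-fast token bucket with
// the documented policy (20 requests/min, one token refilled every 3 s, and an
// immediate error instead of retry/backoff when the bucket is empty).

class RateLimitError extends Error {
  readonly retryAfterMs: number;
  constructor(retryAfterMs: number) {
    super(`rate limit exceeded; next token in ${retryAfterMs} ms`);
    this.name = "RateLimitError";
    this.retryAfterMs = retryAfterMs;
  }
}

class TokenBucket {
  private readonly capacity: number;
  private readonly refillIntervalMs: number;
  private readonly now: () => number;   // injectable clock (ms), Date.now by default
  private tokens: number;
  private lastRefill: number;

  constructor(capacity = 20, refillIntervalMs = 3000, now: () => number = Date.now) {
    this.capacity = capacity;
    this.refillIntervalMs = refillIntervalMs;
    this.now = now;
    this.tokens = capacity;             // bucket starts full
    this.lastRefill = now();
  }

  // Credit one whole token for every full refill interval that has elapsed.
  private refill(): void {
    const earned = Math.floor((this.now() - this.lastRefill) / this.refillIntervalMs);
    if (earned > 0) {
      this.tokens = Math.min(this.capacity, this.tokens + earned);
      this.lastRefill += earned * this.refillIntervalMs;
    }
  }

  // Call before every HTTP request, whatever the method: take one token or
  // throw immediately so the caller surfaces an error rather than sleeping.
  acquire(): void {
    this.refill();
    if (this.tokens === 0) {
      throw new RateLimitError(this.refillIntervalMs - (this.now() - this.lastRefill));
    }
    this.tokens -= 1;
  }

  available(): number {
    this.refill();
    return this.tokens;
  }
}
```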

  • All API calls use HTTPS to <domain>.atlassian.net
  • Authentication uses HTTP Basic Auth (email + API token)
  • No data is sent to any third party
  • No telemetry or analytics

ctk runs entirely on your machine:

  • Credentials are stored locally
  • API calls go directly to Confluence Cloud
  • Response logs go to /tmp/ctk-logs/ (local temp directory)
  • Downloaded attachments go to /tmp/ctk-downloads/
  • No data leaves your machine except to Confluence