The Security and Encryption for Confluence seems close to what we need but we need an option to keep the secure data from Confluence Administrators as well. Think PII where you only want HR to be able to see the content. A similar question is posted here: https://community.atlassian.com/t5/Confluence-questions/Restrict-viewing-for-Confluence-Administrators/qaq-p/452270
Our instances have 10K+ user licenses with numerous administrators. We have content that needs to only be available to the page authors and a portion of the users accessing a page. For example, we have pages where 90% of the content on a page is available to a group of 1k users but 10% of the page is only available to 100 users and that content needs to be hidden from admins as well. I may have several paragraphs of text available to the 90% but at the end of each paragraph, there is content that is only available to the 10%. It is not sufficient for it to be policy that admins won't peak or be allowed to access it "inadvertently." Functionally its probably acceptable that admins can access the content by extreme measures and under court order, but that access needs to be securely audited.
Our current solution involves having a link at the bottom of each paragraph that redirects the user to a separate (non Confluence) system to access the final text of a paragraph. The admins for the separate system are all members of the group that can see the secure data. The solution is very clunky visually, to administer, and to update paragraphs that are spread across 2 separate and different systems. This solution is even more complex in that we have multiple "pools" of secure content all of which has to be stored on separate servers under this solution. We didn't want to deploy Confluence to the secure systems as none of those users are experienced Confluence admins.
We use the Confluence Space User Management (CSUM) addon to manage groups, but clearly group management of the secure users needs to be unavailable to the Confluence admins as well if the content is to be totally secured. Or CSUM needs a secure audit trail.