diff --git a/rules/S7147/metadata.json b/rules/S7147/metadata.json
new file mode 100644
index 00000000000..2c63c085104
--- /dev/null
+++ b/rules/S7147/metadata.json
@@ -0,0 +1,2 @@
+{
+}
diff --git a/rules/S7147/secrets/metadata.json b/rules/S7147/secrets/metadata.json
new file mode 100644
index 00000000000..e94a78c9e88
--- /dev/null
+++ b/rules/S7147/secrets/metadata.json
@@ -0,0 +1,56 @@
+{
+ "title": "Atlassian secrets should not be disclosed",
+ "type": "VULNERABILITY",
+ "code": {
+ "impacts": {
+ "SECURITY": "HIGH"
+ },
+ "attribute": "TRUSTWORTHY"
+ },
+ "status": "ready",
+ "remediation": {
+ "func": "Constant\/Issue",
+ "constantCost": "30min"
+ },
+ "tags": [
+ "cwe",
+ "cert"
+ ],
+ "defaultSeverity": "Blocker",
+ "ruleSpecification": "RSPEC-7147",
+ "sqKey": "S7147",
+ "scope": "All",
+ "securityStandards": {
+ "CWE": [
+ 798,
+ 259
+ ],
+ "OWASP": [
+ "A3"
+ ],
+ "CERT": [
+ "MSC03-J."
+ ],
+ "OWASP Top 10 2021": [
+ "A7"
+ ],
+ "PCI DSS 3.2": [
+ "6.5.10"
+ ],
+ "PCI DSS 4.0": [
+ "6.2.4"
+ ],
+ "ASVS 4.0": [
+ "2.10.4",
+ "3.5.2",
+ "6.4.1"
+ ],
+ "STIG ASD_V5R3": [
+ "V-222642"
+ ]
+ },
+ "defaultQualityProfiles": [
+ "Sonar way"
+ ],
+ "quickfix": "unknown"
+}
diff --git a/rules/S7147/secrets/rule.adoc b/rules/S7147/secrets/rule.adoc
new file mode 100644
index 00000000000..eb5a46d7cc9
--- /dev/null
+++ b/rules/S7147/secrets/rule.adoc
@@ -0,0 +1,44 @@
+
+include::../../../shared_content/secrets/description.adoc[]
+
+== Why is this an issue?
+
+include::../../../shared_content/secrets/rationale.adoc[]
+
+If attackers gain access to Atlassian API tokens or OAuth credentials, they will be able to interact with Atlassian product APIs on behalf of the compromised account. This includes products such as Jira, Confluence, or BitBucket.
+
+=== What is the potential impact?
+
+Below are some real-world scenarios that illustrate some impacts of an attacker
+exploiting the secret.
+
+include::../../../shared_content/secrets/impact/source_code_compromise.adoc[]
+
+include::../../../shared_content/secrets/impact/supply_chain_attack.adoc[]
+
+include::../../../shared_content/secrets/impact/data_compromise.adoc[]
+
+include::../../../shared_content/secrets/impact/data_modification.adoc[]
+
+== How to fix it
+
+include::../../../shared_content/secrets/fix/revoke.adoc[]
+
+include::../../../shared_content/secrets/fix/vault.adoc[]
+
+=== Code examples
+
+:example_secret: ATATT3xFfGF0fMvPEsrw8suA4pUbNn7Ke4ymCtbDUUia0OuNj4Dj_c_z-4YnGzP3_uToXP2HUU9DX3DZhkF1VoF14QyiXMZ1y7FIxVmzc-RStczBTs2640JgH4BjAdpfiSkgrF8Qv0XShGg9DlYekSbLqSLQ2db3qfTzqUoDLPgjZu-b49SE=D65AD736
+:example_name: atlassian.api-token
+:example_env: ATLASSIAN_API_TOKEN
+
+include::../../../shared_content/secrets/examples.adoc[]
+
+== Resources
+
+=== Documentation
+
+* Atlassian Support - https://confluence.atlassian.com/enterprise/using-personal-access-tokens-1026032365.html[Using personal access tokens]
+* Atlassian Support - https://developer.atlassian.com/cloud/jira/platform/oauth-2-3lo-apps/[OAuth 2.0 (3LO) apps]
+
+include::../../../shared_content/secrets/resources/standards.adoc[]
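Review bot: The `:example_secret:` line shows an Atlassian Cloud account API token (`ATATT…` prefix), yet the Resources section only links Data Center personal access tokens and OAuth 2.0 3LO apps, so the reader is never pointed to where this kind of token is created and revoked; add `* Atlassian Support - https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/[Manage API tokens for your Atlassian account]` to the list. The impact paragraph also understates the blast radius: an account API token inherits the permissions of the owning account across every product and site that account can reach (scoped tokens are a newer, optional variant), so a sentence such as `An account API token carries the full permissions of the user that created it, across all Atlassian Cloud sites the account can access.` after the first sentence would make the "HIGH" security impact concrete. In the same paragraph `BitBucket` should be spelled `Bitbucket`. Finally, since this file is published, confirm that the example token was generated specifically for this rule and has already been revoked.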