Security management
Introduction
Key rotation is an added security feature. It helps mitigate potential attacks if the original key is compromised. You can rotate keys on a regular cadence, reducing key compromise attacks even further. Key rotation is not activated by default, and we recommend you enable it.
As an Atlassian Data Center administrator, you can manage the lifecycle of AES keys generated by Bitbucket Data Center through a set of REST APIs. These APIs allow you to manage keys either manually or programmatically.
AES key management API
This API provides endpoints for rotating AES keys, retrieving inactive keys, and deleting inactive keys. Below you will find detailed descriptions of each endpoint, including the URL, accepted HTTP methods, possible response codes, and their meanings.
For full details of the API, visit https://developer.atlassian.com/server/bitbucket/rest/.
Audit logging
Key rotation and deletion events can all be found in the Bitbucket audit logs.
Troubleshooting and tips
Authorization
All endpoints require the user to have admin permissions. Ensure that you include the appropriate authorization headers with your requests.
Error Handling
In the event of a 500 response (Internal Server Error), check the application logs for more details on what might have gone wrong.
If you receive a 401 response (Unauthorized), verify your credentials and permissions.
Usage Notes
Ensure that you replace <HOSTNAME> and <PORT> with the actual host and port of your DC instance.