Custom encryption
In addition to the basic and advanced encryption methods that you can use, you can also choose to create your own Cipher, which might be especially useful if:
you're required to use a specific vault to store the password
you want to use encryption algorithms beyond those we ship with Bitbucket Server or Data Center
Step 1. Create a Maven project and get API dependencies
Get
password-cipher-api
andpassword-cipher-base
dependencies.Go to
<Bitbucket_installation_directory>/atlassian-bitbucket/WEB-INF/lib
.Copy the following jar files:
password-cipher-api-<version>.jar: this file contains the API
(optional) password-cipher-base-<version>.jar: this file contains some sample implementations
Create a Maven project.
Go to
resources
and create a new folder, namedlibs
.Copy the jar files to the
libs
folder.Next, use the following pom:
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId><your_group_ID></groupId> <artifactId><your_artifact_ID></artifactId> <version><your_version></version> <properties> <maven.compiler.source>1.8</maven.compiler.source> <maven.compiler.target>1.8</maven.compiler.target> </properties> <repositories> <repository> <id>local-maven-repo</id> <url>file:///${project.basedir}/libs</url> </repository> </repositories> <build> <resources> <resource> <directory>src/main/resources/libs</directory> <excludes> <exclude>*</exclude> </excludes> <filtering>false</filtering> </resource> </resources> </build> <dependencies> <dependency> <groupId>com.atlassian.db.config</groupId> <artifactId>password-cipher-api</artifactId> <version><api_version></version> <scope>provided</scope> </dependency> <dependency> <groupId>com.atlassian.db.config</groupId> <artifactId>password-cipher-base</artifactId> <version><base_version></version> <scope>provided</scope> </dependency> </dependencies> </project>
Step 2. Implement the Cipher interface
The Cipher interface contains two methods that you need to implement according to your requirements; encrypt
and decrypt
. decrypt
is called during Bitbucket startup, which means that long-running tasks can affect the startup time. encrypt
is not called by Bitbucket, as it's only used in the encryption tool.
You can use Base64Cipher
and AlgorithmCipher
as examples.
Step 3. Test your implementation
The encryption tool described in Basic encryption and Advanced encryption, uses the same code as Bitbucket to decrypt the password. You can use it to test your implementation.
Assuming that the CLI and your jar is in the same folder:
java -cp "./*" com.atlassian.db.config.password.tools.CipherTool -c your.package.here.ClassName
Step 4. Make your library available to Bitbucket
Bitbucket must be able to access your library. Your class will be instantiated using reflection. Put the library in the following directory:
<Bitbucket_home_directory>/lib