Secure secrets configuration properties
Administer Bitbucket Data Center
- Users and groups
- Advanced repository management
- External user directories
- Global permissions
- Setting up your mail server
- Integrate with Atlassian applications
- Connect Bitbucket to an external database
- Migrating Bitbucket Data Center to another server
- Migrate Bitbucket Server from Windows to Linux
- Run Bitbucket in AWS
- Specify the Bitbucket base URL
- Configuring the application navigator
- Managing apps
- View and configure the audit log
- Monitor security threats
- Update your license key
- Configuration properties
- Change Bitbucket's context path
- Data recovery and backups
- Disable HTTP(S) access to Git repositories
- Mirrors
- Bitbucket Mesh
- Export and import projects and repositories
- Git Large File Storage
- Git Virtual File System (GVFS)
- Enable SSH access to Git repositories
- Signed system commits
- Secret scanning
- Use diff transcoding
- Change the port Bitbucket listens on
- Lockout recovery process
- Configure secure administrator sessions (websudo)
- Proxy and secure Bitbucket
- High availability for Bitbucket
- Diagnostics for third-party apps
- Enabling JMX counters for performance monitoring
- Bitbucket guardrails
- Enable debug logging
- Scaling Bitbucket Data Center
- Add a shortcut link to a repository
- Administer code search
- Adding additional storage for your repository data
- Add a system-wide announcement banner
- Configuring Project links across Applications
- Improving instance stability with rate limiting
- Use a CDN with Atlassian Data Center applications
- Manage keys and tokens
- Link to other applications
- Setting a system-wide default branch name
- Automatically decline inactive pull requests
- Secure Bitbucket configuration properties
- Data pipeline
- Monitor application performance
- Secure secrets configuration properties
On this page
Related content
- No related content found
For additional security, you can protect your passwords (for example, a database password) stored in the bitbucket.properties file. This is enabled by the secrets.secured-properties setting in the bitbucket.properties file which defines properties that must be secured and stored in a secure storage backend.
Configuration Steps
Before you configure your secure properties, make sure you’ve determined which properties you wish to secure. Typical examples include jdbc.password, but you may have others.
To configure secure properties in your Bitbucket instance, follow the steps below.
Shutdown Bitbucket on all nodes.
Locate the Bitbucket shared home directory and open the
bitbucket.propertiesfile.Identify sensitive properties (such as
jdbc.passwordandserver.ssl.key-password.Add a line for
secrets.secured-propertiesto the bitbucket.properties file and specify the properties you identified earlier, separated by commas. For example:jdbc.password=actualdbpassword server.ssl.key-password=actualsslpassword secrets.secured-properties=jdbc.password,server.ssl.key-passwSave and close the
bitbucket.propertiesfile.Start Bitbucket on all nodes.
During startup, Bitbucket will read the updated properties file and secure the specified properties accordingly.Once Bitbucket has fully started, check the
bitbucket.propertiesfile again.
The properties you secured should now be replaced with the {ATL_SECURED} placeholder, with the actual encrypted values moved into a secure storage.
For example:jdbc.password={ATL_SECURED} server.ssl.key-password={ATL_SECURED} secrets.secured-properties=jdbc.password,server.ssl.key-password
Related content
- No related content found