Secure secrets configuration properties
For additional security, you can protect your passwords (for example, a database password) stored in the bitbucket.properties file. This is enabled by the secrets.secured-properties setting in the bitbucket.properties file which defines properties that must be secured and stored in a secure storage backend.
Configuration Steps
Before you configure your secure properties, make sure you’ve determined which properties you wish to secure. Typical examples include jdbc.password, but you may have others.
To configure secure properties in your Bitbucket instance, follow the steps below.
Shutdown Bitbucket on all nodes.
Locate the Bitbucket shared home directory and open the
bitbucket.propertiesfile.Identify sensitive properties (such as
jdbc.passwordandserver.ssl.key-password.Add a line for
secrets.secured-propertiesto the bitbucket.properties file and specify the properties you identified earlier, separated by commas. For example:jdbc.password=actualdbpassword server.ssl.key-password=actualsslpassword secrets.secured-properties=jdbc.password,server.ssl.key-passwSave and close the
bitbucket.propertiesfile.Start Bitbucket on all nodes.
During startup, Bitbucket will read the updated properties file and secure the specified properties accordingly.Once Bitbucket has fully started, check the
bitbucket.propertiesfile again.
The properties you secured should now be replaced with the {ATL_SECURED} placeholder, with the actual encrypted values moved into a secure storage.
For example:jdbc.password={ATL_SECURED} server.ssl.key-password={ATL_SECURED} secrets.secured-properties=jdbc.password,server.ssl.key-password