Secure secrets configuration properties

Secured secrets by default

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

For additional security, you can protect your passwords (for example, a database password) stored in the bitbucket.properties  file. This is enabled by the secrets.secured-properties setting in the bitbucket.properties  file which defines properties that must be secured and stored in a secure storage backend.

Configuration Steps

Before you configure your secure properties, make sure you’ve determined which properties you wish to secure. Typical examples include jdbc.password, but you may have others.

To configure secure properties in your Bitbucket instance, follow the steps below.

  1. Shutdown Bitbucket on all nodes.

  2. Locate the Bitbucket shared home directory and open the bitbucket.properties file.

  3. Identify sensitive properties (such as jdbc.password and server.ssl.key-password.

  4. Add a line for secrets.secured-properties to the bitbucket.properties file and specify the properties you identified earlier, separated by commas. For example:

    jdbc.password=actualdbpassword
    server.ssl.key-password=actualsslpassword
    secrets.secured-properties=jdbc.password,server.ssl.key-passw
  5. Save and close the bitbucket.properties file.

  6. Start Bitbucket on all nodes.
    During startup, Bitbucket will read the updated properties file and secure the specified properties accordingly.

  7. Once Bitbucket has fully started, check the bitbucket.properties file again.
    The properties you secured should now be replaced with the {ATL_SECURED} placeholder, with the actual encrypted values moved into a secure storage.
    For example:

    jdbc.password={ATL_SECURED}
    server.ssl.key-password={ATL_SECURED}
    secrets.secured-properties=jdbc.password,server.ssl.key-password
Last modified on Oct 1, 2024

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.