How to add a new user to the bundled OpenSearch in Bitbucket

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Bitbucket ships with OpenSearch from version 7.21.0 onwards. It has an inbuilt user to connect to the search server to authenticate. But sometimes you might want to create your own user to connect Bitbucket to OpenSearch. The procedure is a bit different compared to how it was with ElasticSearch.

The OpenSearch that is bundled with Bitbucket is designed to be used as it is. We will be supporting if any issues with using it in the way it was intended (the user we ship with, automatic provisioning, etc.). The contents in this article is provided for reference only and Atlassian support does not guarantee providing any support for it.

Environment

Bitbucket version 7.21.0 with bundled OpenSearch instance.

Solution

  • Add a new user "testuser" in the <Bitbucket-installation-directory>/opensearch/plugins/opensearch-security/securityconfig/internal_users.yml file like below:

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 _meta: type: "internalusers" config_version: 2 bitbucket: # Default "bitbucket-changeit" password which will be updated by automatic provisioning hash: "$2y$12$Tb3z/sY/i0VxVfykLSW/duzt.CmsDXOQTg.oVUtGi682e69idzRgC" backend_roles: - "admin" description: "Admin user" testuser: hash: "$2y$12$Tb3z/sY/i0VxVfykLSW/duzt.CmsDXOQTg.oVUtGi682e69idzRgC" backend_roles: - "admin" description: "Admin user"

    For OpenSearch versions >=2.0.0, internal_users.yml will be located at: <Bitbucket-installation-directory>/opensearch/config/opensearch-security/internal_users.yml

  • Run the hash.sh script in the location <Bitbucket-installation-directory>/opensearch/plugins/opensearch-security/tools/ and it'll prompt you for a password. Enter a password and note it down. This will be the password for the new user. Also note down the hash output of the script

  • Update the hash in the internal_users.yml with the output of the hash.sh script.

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 _meta: type: "internalusers" config_version: 2 bitbucket: # Default "bitbucket-changeit" password which will be updated by automatic provisioning hash: "$2y$12$Tb3z/sY/i0VxVfykLSW/duzt.CmsDXOQTg.oVUtGi682e69idzRgC" backend_roles: - "admin" description: "Admin user" testuser: hash: "Q/aQ3ooqZMfUAXlaM7iadeqR9DJ08iwX1O3yFKtKlzcCwNEvPO/Ei" backend_roles: - "admin" description: "Admin user"

  • Run the securityadmin.sh script as mentioned in the kb.

Updated on March 13, 2025
Platform
Data Center only
Product
Bitbucket Data Center
On this pageSummarySolution

Still need help?

The Atlassian Community is here for you.
Ask the Community