Secure secrets configuration properties

Secured secrets by default

このページの内容

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

For additional security, you can protect your passwords (for example, a database password) stored in the bitbucket.properties  file. This is enabled by the secrets.secured-properties setting in the bitbucket.properties  file which defines properties that must be secured and stored in a secure storage backend.

設定手順

Before you configure your secure properties, make sure you’ve determined which properties you wish to secure. Typical examples include jdbc.password, but you may have others.

To configure secure properties in your Bitbucket instance, follow the steps below.

  1. Shutdown Bitbucket on all nodes.

  2. Locate the Bitbucket shared home directory and open the bitbucket.properties file.

  3. Identify sensitive properties (such as jdbc.password and server.ssl.key-password.

  4. Add a line for secrets.secured-properties to the bitbucket.properties file and specify the properties you identified earlier, separated by commas. For example:

    jdbc.password=actualdbpassword
    server.ssl.key-password=actualsslpassword
    secrets.secured-properties=jdbc.password,server.ssl.key-passw
  5. Save and close the bitbucket.properties file.

  6. Start Bitbucket on all nodes.
    During startup, Bitbucket will read the updated properties file and secure the specified properties accordingly.

  7. Once Bitbucket has fully started, check the bitbucket.properties file again.
    The properties you secured should now be replaced with the {ATL_SECURED} placeholder, with the actual encrypted values moved into a secure storage.
    For example:

    jdbc.password={ATL_SECURED}
    server.ssl.key-password={ATL_SECURED}
    secrets.secured-properties=jdbc.password,server.ssl.key-password
最終更新日: 2024 年 10 月 1 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.