Secure secrets configuration properties
For additional security, you can protect your passwords (for example, a database password) stored in the bitbucket.properties
file. This is enabled by the secrets.secured-properties
setting in the bitbucket.properties
file which defines properties that must be secured and stored in a secure storage backend.
設定手順
Before you configure your secure properties, make sure you’ve determined which properties you wish to secure. Typical examples include jdbc.password
, but you may have others.
To configure secure properties in your Bitbucket instance, follow the steps below.
Shutdown Bitbucket on all nodes.
Locate the Bitbucket shared home directory and open the
bitbucket.properties
file.Identify sensitive properties (such as
jdbc.password
andserver.ssl.key-password
.Add a line for
secrets.secured-properties
to the bitbucket.properties file and specify the properties you identified earlier, separated by commas. For example:jdbc.password=actualdbpassword server.ssl.key-password=actualsslpassword secrets.secured-properties=jdbc.password,server.ssl.key-passw
Save and close the
bitbucket.properties
file.Start Bitbucket on all nodes.
During startup, Bitbucket will read the updated properties file and secure the specified properties accordingly.Once Bitbucket has fully started, check the
bitbucket.properties
file again.
The properties you secured should now be replaced with the {ATL_SECURED} placeholder, with the actual encrypted values moved into a secure storage.
For example:jdbc.password={ATL_SECURED} server.ssl.key-password={ATL_SECURED} secrets.secured-properties=jdbc.password,server.ssl.key-password