• 44
    • We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Problem Definition

      Clients would like to have the ability to encrypt data at rest in Bitbucket on-premise (including DC environments) as they do for Bitbucket Cloud.

      Suggested Solution

      As this was added in Bitbucket in Cloud, can we add this into Bitbucket on-premise features as well?

      May be a a property to encrypt data that can be added to Bitbucket.properties file or/and a setting to to turn on/off data encryption at REST.

      Why this is important

      Commonly, it is a requirement from internal security auditing teams.

            [BSERV-12007] Encryption at rest for Bitbucket

            has there been any movement here on this? 

            Justin Kalina added a comment - has there been any movement here on this? 

            Erik Liu added a comment -

            interested in this feature, please help prioritize

            Erik Liu added a comment - interested in this feature, please help prioritize

            interested as well, every enterprise will require this feature, please help prioritize

            Idan Bidani added a comment - interested as well, every enterprise will require this feature, please help prioritize

            Also interested in this feature being added for customers using Atlassian Data Center environments ASAP... being driven by our customers and new security mandates.

            John Norcross added a comment - Also interested in this feature being added for customers using Atlassian Data Center environments ASAP... being driven by our customers and new security mandates.

            We as an enterprise company have commissioned an external outsourcing company to support our on-premise servers and applications, as the management has decided that this is not a core task of our company. But now customers while audits complain that non employees gets "simple" access to our Intellectual Property (IP), i.e. the source code we manage in BItbucket, and that this is a security issue in our R&D process if source code is directly related to the customer, what is likely possible for specific customer customization's. Because of the missing Bitbucket functionality of encrypted storage of the source code on the server hard-disks we are no longer allowed to use Bitbucket for these projects and with this our R&D landscape is currently getting diverse again as it was before BItbucket. Our management is not thinking about in-sourcing again the server and application administration as someone might think about, no, instead they question the usefulness of Bitbucket as our source code management system because it cannot meet our security requirements to the extent desired.

            So please bring encryption at rest (https://en.wikipedia.org/wiki/Data_at_rest) also to your on-premise data center solutions, as this is a essential security feature that we as enterprise company absolutely need.

            Michael Mohr added a comment - We as an enterprise company have commissioned an external outsourcing company to support our on-premise servers and applications, as the management has decided that this is not a core task of our company. But now customers while audits complain that non employees gets "simple" access to our Intellectual Property (IP), i.e. the source code we manage in BItbucket, and that this is a security issue in our R&D process if source code is directly related to the customer, what is likely possible for specific customer customization's. Because of the missing Bitbucket functionality of encrypted storage of the source code on the server hard-disks we are no longer allowed to use Bitbucket for these projects and with this our R&D landscape is currently getting diverse again as it was before BItbucket. Our management is not thinking about in-sourcing again the server and application administration as someone might think about, no, instead they question the usefulness of Bitbucket as our source code management system because it cannot meet our security requirements to the extent desired. So please bring encryption at rest ( https://en.wikipedia.org/wiki/Data_at_rest ) also to your on-premise data center solutions, as this is a essential security feature that we as enterprise company absolutely need.

            agarwva2 added a comment -

            +1

            agarwva2 added a comment - +1

              Unassigned Unassigned
              ctalk chucktalk
              Votes:
              34 Vote for this issue
              Watchers:
              35 Start watching this issue

                Created:
                Updated: