Hi Fernando,
While data storage is not encrypted, access to your code is limited to a very small number of engineers on our team. This access is logged. Access by anyone else is controlled by Bitbucket permissions, so if your code is private, only you and the above engineers will be able to access it. For more information you can visit Bitbucket Cloud Security statement.
Bitbucket’s hard disks are also not encrypted at rest. This is due to performance and infrastructure implications, such as the recovery of data in the case of catastrophic failure. However, all passwords are hashed and salted. Repositories are kept on disk, but the details on repository ownership and access are kept on separate disks.
The following links contain our security policies and procedures:
Atlassian's security resources include:
Also, Bitbucket now offers IP whitelisting & required 2-Step Verification.
When complementary security dispositions become the main requirement, we advise to host the server version of Bitbucket on your own infrastructure, or on a third party cloud hosting provider (Amazon, Azure,…), or work together with one of our certified Atlassian Partners who can offer custom managed hosting services with additional flexibility.
For any additional questions, you can also email security@atlassian.com.
Hope this helps you, Fernando! If there's anything else we can do for you, please let us know.
Best regards,
Ana
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.