Xpack Security for Bitbucket Data Center

Ramprasad Baliga December 24, 2019

Hi,

As per atlassian documentation, when elastic search is set up for code search in bitbucket data centre, it is recommended that xpack security be disabled.

https://confluence.atlassian.com/bitbucketserver066/how-to-install-and-configure-a-remote-elasticsearch-instance-978198477.html

However, we would like to know if there is any alternate solution for this? How are the other customers securing elastic search and making it work with bitbucket data centre i.e by not using the xpack security?

Thanks

Ram

1 comment

Cristiano Mariano
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 1, 2020

Hi! How are you doing?

Atlassian provides a free plugin called Buckler for this purpose.

You have got to pay attention that it requires Elastic 6.6.1 (we have tried to install it on 6.6.2 and it did not work).

Hope this helps!

Like Ramprasad Baliga likes this
Ramprasad Baliga January 6, 2020

Hi Cristiano!

Thanks for the reply! However the password in buckler.yml is not encrypted and becomes a security concern. I see there is a feature request to implement this - https://jira.atlassian.com/browse/BSERV-11650

One of the reasons why we would like to use xpack security.

Thanks

Ram

Like Cristiano Mariano likes this
Cristiano Mariano
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 11, 2020

Hi @Ramprasad Baliga ! How are you doing?

According to Bitbucket documentation, you could use other plugins, like Shield (according to Elastic documentation, Shield is now part of X-Pack).

Bitbucket Server also supports authentication to Elasticsearch through other plugins that provide basic authentication, like Elastic's Shield plugin.

Hope this helps!

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events