Are Bitbucket Pipelines artifacts encrypted at rest? I can't find any information about this in the documentation. I wonder what the best practice is when dealing with potentially sensitive artifacts (for example Terraform plan files, which might contain sensitive data in plain text).
Hi, @Mark Hegedus! Welcome to the community!
Bitbucket Cloud data at rest is currently not encrypted; however, we are in the process of supporting this and the work is estimated to be completed by Q3 of 2021. This is referenced on our roadmap under the 'Security' section:
Bitbucket encryption at rest
Support for ensuring your repositories are encrypted when on disk
While this is not implemented yet, you can use the secured variables to store the sensitive data instead of directly writing it into the file. From the repository, you can manage repository variables in Repository settings > Pipelines > Repository variables.
Secure variables are encrypted at rest using aes128 symmetric keys and stored in AWS DynamoDB tables in us-west-1. They're only ever sent over-the-wire via TLS (encrypted in transit). Bitbucket Pipelines is run in a SOC2 compliant environment, with the compliance report available via https://www.atlassian.com/trust/compliance
The variables are injected into the Docker container's environment variables list, making them available to all processes run from Bitbucket Pipelines.
Variables are masked in logs when uploaded, so log data never contains sensitive information; however, anyone that can modify your build process could encode the value, for example using base64, and that base64-encoded value will not be detected and masked.
I hope this helps, but do let me know if you have any questions.
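The masking gap described in the answer above can be checked for from the defender's side. The following is an added example, not part of the original thread and not Atlassian's code: a Python scanner that looks in log lines for the literal, hex and base64 forms of known secret values, including base64 at all three byte alignments. The variable name, its value and the log lines are constructed, and the function names are hypothetical.

```python
import base64

def encoded_variants(secret: str) -> set[str]:
    """Literal secret plus hex and base64 strings/fragments that reveal it."""
    raw = secret.encode()
    variants = {raw.hex(), raw.hex().upper(), base64.b64encode(raw).decode()}
    for offset in range(3):
        # Base64 encodes 3-byte groups, so a secret embedded in a longer
        # string encodes differently depending on its byte offset modulo 3.
        b64 = base64.b64encode(b"\x00" * offset + raw).decode().rstrip("=")
        if (offset + len(raw)) % 3:
            b64 = b64[:-1]               # last char depends on what follows
        frag = b64[(0, 2, 3)[offset]:]   # leading chars depend on the prefix
        variants.add(frag)
        variants.add(frag.replace("+", "-").replace("/", "_"))  # URL-safe
    # Drop encoded fragments too short to match reliably; keep the literal.
    return {secret} | {v for v in variants if len(v) >= 8}

def mask_line(line: str, secrets: dict[str, str]) -> tuple[str, list[str]]:
    """Mask all variants of each secret; return (masked line, leaked names)."""
    leaked = []
    for name, value in secrets.items():
        # Longest first, so a full encoding is masked before its fragments.
        for variant in sorted(encoded_variants(value), key=len, reverse=True):
            if variant in line:
                line = line.replace(variant, f"[MASKED:{name}]")
                if name not in leaked:
                    leaked.append(name)
    return line, leaked

# Constructed sample data: the variable name and value are made up.
SECRETS = {"TF_VAR_db_password": "s3cr3t-Pa55w0rd!"}
SAMPLE_LOG = [
    "Plan: 3 to add, 0 to change, 0 to destroy.",
    "debug: " + base64.b64encode(b"s3cr3t-Pa55w0rd!").decode(),
    "debug: " + base64.b64encode(b"password=s3cr3t-Pa55w0rd!\n").decode(),
    "debug: " + b"s3cr3t-Pa55w0rd!".hex(),
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        masked, leaked = mask_line(entry, SECRETS)
        print(f"{'LEAK' if leaked else 'ok  '} {masked}")
```

It only covers the encodings listed, so other transformations of a value still pass unnoticed.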