Bitbucket Backup Methods

Promotion 

Bitbucket is one of the largest source code management services for development projects. It can boast of having more than 10 million registered users, who chose this git hosting provider for a reason. It easily integrates with other Atlassian products, like Jira, a leading product management tool. You can simply set up and configure CI/CD in your Bitbucket within 2 effortless steps. So, there are many benefits.

But, what if you lose access to your crucial Bitbucket data? It can lead to business disruption, and more or less significant data loss.

Why do you need a Bitbucket repository and metadata backup?

There are a lot of threats your Bitbucket ecosystem can face. Human mistakes, Atlassian outages, your Bitbucket infrastructure downtime, software and hardware failures, natural disasters, ransomware attacks - are all the potential reasons for your Bitbucket data loss.
 
Is it possible to withstand the mentioned threat situations? Yes, if you have a backup in place.

Top 5 Bitbucket backup methods - good and better options

You can use different methods to back up your Bitbucket environment, yet which one is the most reliable for your organization?
 
To be sure that your Bitbucket repositories and metadata are any-time available and recoverable from any point in time, make sure that your backup includes the following features: 

  • Full Bitbucket data coverage - backs up repositories and all the related metadata, including Wiki, issues, deployment keys, pull requests, tags, LFS, commits, etc.
  • Follow 3-2-1 backup rule - 3 copies stored at 2 different locations (Cloud or local), one of which is offsite
  •  Backup replication between your storage instances
  • Flexible, long-term and unlimited retention
  • AES encryption with your own encryption key
  • Ransomware protection
  • Disaster Recovery technologies. 

Let’s first consider the Bitbucket backup methods the Atlassian offers - Bitbucket DIY Backups, Bitbucket Server Backup Client, and Bitbucket Zero Downtime Backup, and then proceed to other options - Bitbucket backup scripts and Third-party backup tools to secure your Bitbucket environment.

Method # 1 Bitbucket DIY Backup

First, what should be mentioned is that this method is suitable for and supports Bitbucket Server, Bitbucket Data Center, and Bitbucket Mesh instances. This method backs up such data as git repositories, Bitbucket Server logs, the database the instance is connected to, and plugins with their data (which you’ve ever installed).
 
You can use any language you want to implement any custom processes you need. This permits you to to use both your database’s incremental or fast snapshot tools, and the specific tools of your file server as a part of your DIY Backup. 
 
So, the DIY Backup for Bitbucket performs backup within the following steps:

Step # 1 - Prepare Bitbucket Server instance for backup
In order to reduce the risk of losing the data and the downtime, you will have the initial snapshot taken using incremental database and filesystem utilities. It is done with the thought to minimize the work later, especially if you modify a lot of data between backups. During this process you have the initial rsync of the home folder to the backup folder done, as well.

Step # 2 - Initiate the backup:   During this step your Bitbucket Server instance will be locked. Then, your connections to the database and the filesystem will be drained and latched. Finally, at the end of this step all you will need to do is to wait for the drain and latch step to complete.

Step # 3 - Perform operations for DIY Backup:   Now when your Bitbucket Server instance is ready for backup you will need to make a fully consistent backup of the database. For this you will need to use pg_dump. And then, using rsync, you will need to make a fully consistent backup of the filesystem.

Step # 4 - Finish the backup process:   As soon as your backup process is finished, your Bitbucket Server instance will be unlocked.

Step # 5 - Archive the files:   At the final step your system will archive all the backup files and create one big archive.

Method # 2 - Bitbucket Server Backup Client

Another method which is possible to use is Bitbucket Server Backup Client. It is a command line tool provided by Atlassian. That’s why you should run it externally from some other location yet with access to the Bitbucket home directory.
 
Like Bitbucket DIY Backup, with Bitbucket Server Backup Client you won’t be able to backup all the metadata your Bitbucket repository has. Thus, with Backup Client you will be able to make a copy of the database Bitbucket server is connected to, all the repositories you work on, the Bitbucket Server audit logs, and installed plugins and the related data.  
 
The procedure is rather simple. Actually, it is similar to Bitbucket DIY Backup and consists of 5 steps:

  • The Bitbucket Client locks access to your Bitbucket Server data during the backup process, which is called “maintenance mode.”
  • It checks if all operations (git and database) have been finished.
  • The Bitbucket Client makes a generic backup of the Bitbucket Server database and the Set the home directory.
  • Then it stores the completed backup copy on the local file system as a .tar file.
  • Finally, it finishes the maintenance mode and unlocks your Bitbucket Server.

Method # 3 - Bitbucket Zero Downtime Backup

Bitbucket Zero Downtime Backup is a technology developed by Atlassian. But you should remember that it only suits Bitbucket 4.8 and over. This technology permits to back up a Bitbucket instance without maintenance lock and take backups as often as your policy requires.
 
If you decide on this option, you should know what Zero Downtime Backup requires. So, you should have your shared home directory on a file system volume to take atomic snapshots. It permits your database to take those snapshots or restore a snapshot at the same time as the home directory snapshot has already been taken.

Method # 4 - Bitbucket Backup Script

According to the Shared Responsibility Model each user who has some data in Bitbucket is responsible for its security. Atlassian is responsible for the data security of the entire platform, not the individual Bitbucket repositories and metadata.
 
Moreover, the service provider even recommends its users to have daily backups at out-of-office hours to cut down the bandwidth throttling, and retain backups for at least one month in some offsite location.
 
The company can achieve it using the Atlassian backup tools that we mentioned above or by itself - entrusting some developer or a DevOps team to perform all the backup operations manually. It may work well in the beginning but in a long term perspective it will seem time-consuming. Moreover, it will distract your Devops team from their core duties as with the growing number of backups they will need to perform more and more work.
 
There are a lot of scripts written in different languages to backup your Bitbucket repositories. For example, here is one written in python - Bitbucket backup script.

Method # 5 - Third-party backup tools

If you have a strong intention to minimize the time your and your DevOps team spend on backups and automate the process of your Bitbucket backup performance, it’s worth considering a third-party backup solution, like GitProtect.io, a professional Bitbucket backup & DR software.
 
Backup vendor offers a turnkey backup solution, which includes immutable backups to a few storage instances - both cloud and local (which helps to meet the 3-2-1 backup rule), unlimited retention, ransomware protection, and, what is crucial, possibility to monitor how your Bitbucket backups have been performed.
 
When it comes to duties, you will be able to share the responsibilities of data security with a third-party tool, and comply with strict security demands. Actually, a reliable backup is a necessary requirement if you want to pass SOC 2 and ISO 27001 Security Audits.

Backup Methods and their short description 

 

Bitbucket DIY Backup

Bitbucket Server Backup Client

Bitbucket Zero Downtime Backup

Any manual backup script for Bitbucket

Third-party backup tool - GitProtect.io

Downtime during backup performance

Your Bitbucket experiences low downtime (a few seconds) to create a consistent snapshot

Your Bitbucket is locked during the entire backup process (it can take from a few minutes and more)

Your Bitbucket experiences no downtime

Your Bitbucket experiences no downtime (though it may depend on a backup script you use)

Your Bitbucket experiences no downtime (backup process is scheduled and performed automatically with no impact on your workflow)

Backed up data

Bitbucket repositories, logs, database, plugins

Bitbucket 4.8 and over

Depends on your backup script (usually repos only, not metadata)

All Bitbucket repositories and related metadata

Bitbucket DC

Supported

Not supported

Supported

Depends on your backup script (usually supported)

Supported

Description

Backup is done with an incremental copy or Atlassian-specific snapshot technology

Backup is performed with an external utility which locks the entire Bitbucket Server instance to back up the home directory and database

Backup is performed using snapshots (internally consistent & block-level filesystem)

Backup is performed manually (before backup your DevOps team should write a script)

Backup is performed automatically to the storage instance of your choice (with a possibility to assign another storages and replication between them)

Data Recovery and backups   

Let’s Sum Up

Bitbucket is a useful git repository platform which brings a lot of benefits to DevOps in their daily work - collaborate across teams, automate CI/CD deployments and build quality code.Though, to ship safely a company should build a reliable backup strategy.
 
For that reason they can use different methods to backup Bitbucket repositories and metadata covered in this article. Though, it’s up to the company to decide which of them meets the organization’s needs and requirements better.   


In you want to learn more, read Bitbucket Backup Best Practices. Try Bitbucket backup on Atlassian Marketplace. 


 

« Cyber Security Budgets Are Misspent
The Most Important Technology Advance In Decades »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Libraesva

Libraesva

Libraesva specialize in Email Security. From Email Security, Phishing Awareness and Email Archiver. We can assist you with any email issues you may have.

Commissum

Commissum

Commissum specialise in information assurance and security testing services.

Hitachi Systems Security

Hitachi Systems Security

Hitachi Systems Security provides customized services for monitoring and protecting the most critical and sensitive IT assets in our clients’ infrastructures 24/7.

Epati Information Technologies

Epati Information Technologies

ePati Information Technologies is a specialist in information technology and cyber security.

Matias Consulting Group (MCG)

Matias Consulting Group (MCG)

Your Business needs competitive and resilient ICT solutions. MCG defines, deploy & support them enabling you to focus on your core business.

Quest Software

Quest Software

Simple IT management for a complex world. Whether it’s digital transformation, cloud expansion, security threats or something new, Quest helps you solve complex problems with simple solutions.

International Accreditation Forum (IAF)

International Accreditation Forum (IAF)

The IAF is the world association of Conformity Assessment Accreditation Bodies. Its primary function is to develop a single worldwide programme of conformity assessment.

Naoris

Naoris

Naoris is the world’s first holistic blockchain-based cybersecurity ecosystem, bringing a game-changing solution to address 35 years of industry similar practice.

ECOLUX

ECOLUX

ECOLUX is a professional IoT security service company committed to developing world-leading “IoT Lifecycle Security” technologies and products.

Korn Ferry

Korn Ferry

Korn Ferry is a global organizational consulting firm, synchronizing strategy and talent to drive superior performance for our clients in key areas including cybersecurity.

Magna5

Magna5

Magna5 is a managed IT service provider focusing in network and server monitoring, backup and disaster recovery, cybersecurity, help desk and SD-WAN.

Astrill VPN

Astrill VPN

Astrill VPN is a Seychelles based Virtual Private Network(VPN) Company.

BlockSec

BlockSec

BlockSec is dedicated to building blockchain security infrastructure. The team is founded by top security researchers and experiencedexperts from both academia and industry.

Cognilytica

Cognilytica

Cognilytica’s Cognitive Project Management for AI (CPMAI) training and certification is recognized around the world as the best practices methodology for implementing successful AI & ML projects.

Commvault

Commvault

Commvault's data protection and information management solutions help companies protect, access and use all of their data, anywhere and anytime.

Hudson Rock

Hudson Rock

Hudson Rock’s products — Cavalier & Bayonet — are powered by our cybercrime database, composed of millions of machines compromised by Infostealers in global malware spreading campaigns.