Bitbucket Backup Methods

Promotion 

Bitbucket is one of the largest source code management services for development projects. It can boast of having more than 10 million registered users, who chose this git hosting provider for a reason. It easily integrates with other Atlassian products, like Jira, a leading product management tool. You can simply set up and configure CI/CD in your Bitbucket within 2 effortless steps. So, there are many benefits.

But, what if you lose access to your crucial Bitbucket data? It can lead to business disruption, and more or less significant data loss.

Why do you need a Bitbucket repository and metadata backup?

There are a lot of threats your Bitbucket ecosystem can face. Human mistakes, Atlassian outages, your Bitbucket infrastructure downtime, software and hardware failures, natural disasters, ransomware attacks - are all the potential reasons for your Bitbucket data loss.
 
Is it possible to withstand the mentioned threat situations? Yes, if you have a backup in place.

Top 5 Bitbucket backup methods - good and better options

You can use different methods to back up your Bitbucket environment, yet which one is the most reliable for your organization?
 
To be sure that your Bitbucket repositories and metadata are any-time available and recoverable from any point in time, make sure that your backup includes the following features: 

  • Full Bitbucket data coverage - backs up repositories and all the related metadata, including Wiki, issues, deployment keys, pull requests, tags, LFS, commits, etc.
  • Follow 3-2-1 backup rule - 3 copies stored at 2 different locations (Cloud or local), one of which is offsite
  •  Backup replication between your storage instances
  • Flexible, long-term and unlimited retention
  • AES encryption with your own encryption key
  • Ransomware protection
  • Disaster Recovery technologies. 

Let’s first consider the Bitbucket backup methods the Atlassian offers - Bitbucket DIY Backups, Bitbucket Server Backup Client, and Bitbucket Zero Downtime Backup, and then proceed to other options - Bitbucket backup scripts and Third-party backup tools to secure your Bitbucket environment.

Method # 1 Bitbucket DIY Backup

First, what should be mentioned is that this method is suitable for and supports Bitbucket Server, Bitbucket Data Center, and Bitbucket Mesh instances. This method backs up such data as git repositories, Bitbucket Server logs, the database the instance is connected to, and plugins with their data (which you’ve ever installed).
 
You can use any language you want to implement any custom processes you need. This permits you to to use both your database’s incremental or fast snapshot tools, and the specific tools of your file server as a part of your DIY Backup. 
 
So, the DIY Backup for Bitbucket performs backup within the following steps:

Step # 1 - Prepare Bitbucket Server instance for backup
In order to reduce the risk of losing the data and the downtime, you will have the initial snapshot taken using incremental database and filesystem utilities. It is done with the thought to minimize the work later, especially if you modify a lot of data between backups. During this process you have the initial rsync of the home folder to the backup folder done, as well.

Step # 2 - Initiate the backup:   During this step your Bitbucket Server instance will be locked. Then, your connections to the database and the filesystem will be drained and latched. Finally, at the end of this step all you will need to do is to wait for the drain and latch step to complete.

Step # 3 - Perform operations for DIY Backup:   Now when your Bitbucket Server instance is ready for backup you will need to make a fully consistent backup of the database. For this you will need to use pg_dump. And then, using rsync, you will need to make a fully consistent backup of the filesystem.

Step # 4 - Finish the backup process:   As soon as your backup process is finished, your Bitbucket Server instance will be unlocked.

Step # 5 - Archive the files:   At the final step your system will archive all the backup files and create one big archive.

Method # 2 - Bitbucket Server Backup Client

Another method which is possible to use is Bitbucket Server Backup Client. It is a command line tool provided by Atlassian. That’s why you should run it externally from some other location yet with access to the Bitbucket home directory.
 
Like Bitbucket DIY Backup, with Bitbucket Server Backup Client you won’t be able to backup all the metadata your Bitbucket repository has. Thus, with Backup Client you will be able to make a copy of the database Bitbucket server is connected to, all the repositories you work on, the Bitbucket Server audit logs, and installed plugins and the related data.  
 
The procedure is rather simple. Actually, it is similar to Bitbucket DIY Backup and consists of 5 steps:

  • The Bitbucket Client locks access to your Bitbucket Server data during the backup process, which is called “maintenance mode.”
  • It checks if all operations (git and database) have been finished.
  • The Bitbucket Client makes a generic backup of the Bitbucket Server database and the Set the home directory.
  • Then it stores the completed backup copy on the local file system as a .tar file.
  • Finally, it finishes the maintenance mode and unlocks your Bitbucket Server.

Method # 3 - Bitbucket Zero Downtime Backup

Bitbucket Zero Downtime Backup is a technology developed by Atlassian. But you should remember that it only suits Bitbucket 4.8 and over. This technology permits to back up a Bitbucket instance without maintenance lock and take backups as often as your policy requires.
 
If you decide on this option, you should know what Zero Downtime Backup requires. So, you should have your shared home directory on a file system volume to take atomic snapshots. It permits your database to take those snapshots or restore a snapshot at the same time as the home directory snapshot has already been taken.

Method # 4 - Bitbucket Backup Script

According to the Shared Responsibility Model each user who has some data in Bitbucket is responsible for its security. Atlassian is responsible for the data security of the entire platform, not the individual Bitbucket repositories and metadata.
 
Moreover, the service provider even recommends its users to have daily backups at out-of-office hours to cut down the bandwidth throttling, and retain backups for at least one month in some offsite location.
 
The company can achieve it using the Atlassian backup tools that we mentioned above or by itself - entrusting some developer or a DevOps team to perform all the backup operations manually. It may work well in the beginning but in a long term perspective it will seem time-consuming. Moreover, it will distract your Devops team from their core duties as with the growing number of backups they will need to perform more and more work.
 
There are a lot of scripts written in different languages to backup your Bitbucket repositories. For example, here is one written in python - Bitbucket backup script.

Method # 5 - Third-party backup tools

If you have a strong intention to minimize the time your and your DevOps team spend on backups and automate the process of your Bitbucket backup performance, it’s worth considering a third-party backup solution, like GitProtect.io, a professional Bitbucket backup & DR software.
 
Backup vendor offers a turnkey backup solution, which includes immutable backups to a few storage instances - both cloud and local (which helps to meet the 3-2-1 backup rule), unlimited retention, ransomware protection, and, what is crucial, possibility to monitor how your Bitbucket backups have been performed.
 
When it comes to duties, you will be able to share the responsibilities of data security with a third-party tool, and comply with strict security demands. Actually, a reliable backup is a necessary requirement if you want to pass SOC 2 and ISO 27001 Security Audits.

Backup Methods and their short description 

 

Bitbucket DIY Backup

Bitbucket Server Backup Client

Bitbucket Zero Downtime Backup

Any manual backup script for Bitbucket

Third-party backup tool - GitProtect.io

Downtime during backup performance

Your Bitbucket experiences low downtime (a few seconds) to create a consistent snapshot

Your Bitbucket is locked during the entire backup process (it can take from a few minutes and more)

Your Bitbucket experiences no downtime

Your Bitbucket experiences no downtime (though it may depend on a backup script you use)

Your Bitbucket experiences no downtime (backup process is scheduled and performed automatically with no impact on your workflow)

Backed up data

Bitbucket repositories, logs, database, plugins

Bitbucket 4.8 and over

Depends on your backup script (usually repos only, not metadata)

All Bitbucket repositories and related metadata

Bitbucket DC

Supported

Not supported

Supported

Depends on your backup script (usually supported)

Supported

Description

Backup is done with an incremental copy or Atlassian-specific snapshot technology

Backup is performed with an external utility which locks the entire Bitbucket Server instance to back up the home directory and database

Backup is performed using snapshots (internally consistent & block-level filesystem)

Backup is performed manually (before backup your DevOps team should write a script)

Backup is performed automatically to the storage instance of your choice (with a possibility to assign another storages and replication between them)

Data Recovery and backups   

Let’s Sum Up

Bitbucket is a useful git repository platform which brings a lot of benefits to DevOps in their daily work - collaborate across teams, automate CI/CD deployments and build quality code.Though, to ship safely a company should build a reliable backup strategy.
 
For that reason they can use different methods to backup Bitbucket repositories and metadata covered in this article. Though, it’s up to the company to decide which of them meets the organization’s needs and requirements better.   


In you want to learn more, read Bitbucket Backup Best Practices. Try Bitbucket backup on Atlassian Marketplace. 


 

« Cyber Security Budgets Are Misspent
The Most Important Technology Advance In Decades »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Solarflare

Solarflare

Solarflare is a leading provider of intelligent networking I/O software and hardware platforms that accelerate, monitor and secure network data.

National Cyber Security Centre (NCSC) - Norway

National Cyber Security Centre (NCSC) - Norway

NCSC is part of the Norwegian Security Authority, and is Norway's national cyber security hub and the national CERT.

D-Fence

D-Fence

D-Fence high availability security service protects corporate email communication, the company and it's employee's against cyber threats.

NordForsk

NordForsk

NordForsk facilitates and provides funding for Nordic research cooperation and research infrastructure. Project areas include digitalisation and digital security.

IDpendant

IDpendant

IDpendant offers a wide range of services, including authentication technology, client security products, single sign on systems, encryption solutions, card and mobile device management systems.

Solana Networks

Solana Networks

Solana Networks is a specialist in IT networking and security.

PSW Group

PSW Group

PSW Group is a full-service Internet solutions provider with a special focus on Internet security.

Trinity Cyber

Trinity Cyber

Trinity Cyber’s patent-pending technology stops attacks before they reach internal networks,reducing risk and increasing cost to adversaries.

Worldline

Worldline

Worldline IIoT solutions allow industrial companies to start their digital transformation journey with industrial level cyber security standards (IEC 62443 ready).

Oceania Cyber Security Centre (OCSC)

Oceania Cyber Security Centre (OCSC)

OCSC engages with government and industry to conduct research, develop training opportunities and build capacity for responding to current and emerging cyber security issues.

Cybergroot

Cybergroot

Cybergroot provides Cybersecurity Assessment services and professional Information Security trainings.

TempoCap

TempoCap

TempoCap is a European growth-stage technology fund with offices in London and Berlin. We invest across a variety of high- growth sectors including cybersecurity.

AnzenSage

AnzenSage

AnzenSage is a cybersecurity advisory consultancy specializing in security risk resilience for the food sector: agriculture, food manufacturing, food supply chain, vineyards, and wineries.

ThreatNix

ThreatNix

ThreatNix is a tight knit group of experienced security professionals who are committed to providing competent cybersecurity solutions that adhere to international standards.

KCS Group Europe

KCS Group Europe

KCS Group helps its clients to identify and deal with any risks, weaknesses and threats which could impact on the business financially or reputationally.

Fortress SRM

Fortress SRM

Fortress SRM protects companies from the financial, operational, and emotional trauma of cybercrime by improving the security performance of its people, processes, and technology.