Bitbucket Backup Methods

Uploaded on 2023-03-30 in FREE TO VIEW

Promotion 

Bitbucket is one of the largest source code management services for development projects. It can boast of having more than 10 million registered users, who chose this git hosting provider for a reason. It easily integrates with other Atlassian products, like Jira, a leading product management tool. You can simply set up and configure CI/CD in your Bitbucket within 2 effortless steps. So, there are many benefits.

But, what if you lose access to your crucial Bitbucket data? It can lead to business disruption, and more or less significant data loss.

Why do you need a Bitbucket repository and metadata backup?

There are a lot of threats your Bitbucket ecosystem can face. Human mistakes, Atlassian outages, your Bitbucket infrastructure downtime, software and hardware failures, natural disasters, ransomware attacks - are all the potential reasons for your Bitbucket data loss.
 
Is it possible to withstand the mentioned threat situations? Yes, if you have a backup in place.

Top 5 Bitbucket backup methods - good and better options

You can use different methods to back up your Bitbucket environment, yet which one is the most reliable for your organization?
 
To be sure that your Bitbucket repositories and metadata are any-time available and recoverable from any point in time, make sure that your backup includes the following features: 

  • Full Bitbucket data coverage - backs up repositories and all the related metadata, including Wiki, issues, deployment keys, pull requests, tags, LFS, commits, etc.
  • Follow 3-2-1 backup rule - 3 copies stored at 2 different locations (Cloud or local), one of which is offsite
  •  Backup replication between your storage instances
  • Flexible, long-term and unlimited retention
  • AES encryption with your own encryption key
  • Ransomware protection
  • Disaster Recovery technologies. 

Let’s first consider the Bitbucket backup methods the Atlassian offers - Bitbucket DIY Backups, Bitbucket Server Backup Client, and Bitbucket Zero Downtime Backup, and then proceed to other options - Bitbucket backup scripts and Third-party backup tools to secure your Bitbucket environment.

Method # 1 Bitbucket DIY Backup

First, what should be mentioned is that this method is suitable for and supports Bitbucket Server, Bitbucket Data Center, and Bitbucket Mesh instances. This method backs up such data as git repositories, Bitbucket Server logs, the database the instance is connected to, and plugins with their data (which you’ve ever installed).
 
You can use any language you want to implement any custom processes you need. This permits you to to use both your database’s incremental or fast snapshot tools, and the specific tools of your file server as a part of your DIY Backup. 
 
So, the DIY Backup for Bitbucket performs backup within the following steps:

Step # 1 - Prepare Bitbucket Server instance for backup
In order to reduce the risk of losing the data and the downtime, you will have the initial snapshot taken using incremental database and filesystem utilities. It is done with the thought to minimize the work later, especially if you modify a lot of data between backups. During this process you have the initial rsync of the home folder to the backup folder done, as well.

Step # 2 - Initiate the backup:   During this step your Bitbucket Server instance will be locked. Then, your connections to the database and the filesystem will be drained and latched. Finally, at the end of this step all you will need to do is to wait for the drain and latch step to complete.

Step # 3 - Perform operations for DIY Backup:   Now when your Bitbucket Server instance is ready for backup you will need to make a fully consistent backup of the database. For this you will need to use pg_dump. And then, using rsync, you will need to make a fully consistent backup of the filesystem.

Step # 4 - Finish the backup process:   As soon as your backup process is finished, your Bitbucket Server instance will be unlocked.

Step # 5 - Archive the files:   At the final step your system will archive all the backup files and create one big archive.

Method # 2 - Bitbucket Server Backup Client

Another method which is possible to use is Bitbucket Server Backup Client. It is a command line tool provided by Atlassian. That’s why you should run it externally from some other location yet with access to the Bitbucket home directory.
 
Like Bitbucket DIY Backup, with Bitbucket Server Backup Client you won’t be able to backup all the metadata your Bitbucket repository has. Thus, with Backup Client you will be able to make a copy of the database Bitbucket server is connected to, all the repositories you work on, the Bitbucket Server audit logs, and installed plugins and the related data.  
 
The procedure is rather simple. Actually, it is similar to Bitbucket DIY Backup and consists of 5 steps:

  • The Bitbucket Client locks access to your Bitbucket Server data during the backup process, which is called “maintenance mode.”
  • It checks if all operations (git and database) have been finished.
  • The Bitbucket Client makes a generic backup of the Bitbucket Server database and the Set the home directory.
  • Then it stores the completed backup copy on the local file system as a .tar file.
  • Finally, it finishes the maintenance mode and unlocks your Bitbucket Server.

Method # 3 - Bitbucket Zero Downtime Backup

Bitbucket Zero Downtime Backup is a technology developed by Atlassian. But you should remember that it only suits Bitbucket 4.8 and over. This technology permits to back up a Bitbucket instance without maintenance lock and take backups as often as your policy requires.
 
If you decide on this option, you should know what Zero Downtime Backup requires. So, you should have your shared home directory on a file system volume to take atomic snapshots. It permits your database to take those snapshots or restore a snapshot at the same time as the home directory snapshot has already been taken.

Method # 4 - Bitbucket Backup Script

According to the Shared Responsibility Model each user who has some data in Bitbucket is responsible for its security. Atlassian is responsible for the data security of the entire platform, not the individual Bitbucket repositories and metadata.
 
Moreover, the service provider even recommends its users to have daily backups at out-of-office hours to cut down the bandwidth throttling, and retain backups for at least one month in some offsite location.
 
The company can achieve it using the Atlassian backup tools that we mentioned above or by itself - entrusting some developer or a DevOps team to perform all the backup operations manually. It may work well in the beginning but in a long term perspective it will seem time-consuming. Moreover, it will distract your Devops team from their core duties as with the growing number of backups they will need to perform more and more work.
 
There are a lot of scripts written in different languages to backup your Bitbucket repositories. For example, here is one written in python - Bitbucket backup script.

Method # 5 - Third-party backup tools

If you have a strong intention to minimize the time your and your DevOps team spend on backups and automate the process of your Bitbucket backup performance, it’s worth considering a third-party backup solution, like GitProtect.io, a professional Bitbucket backup & DR software.
 
Backup vendor offers a turnkey backup solution, which includes immutable backups to a few storage instances - both cloud and local (which helps to meet the 3-2-1 backup rule), unlimited retention, ransomware protection, and, what is crucial, possibility to monitor how your Bitbucket backups have been performed.
 
When it comes to duties, you will be able to share the responsibilities of data security with a third-party tool, and comply with strict security demands. Actually, a reliable backup is a necessary requirement if you want to pass SOC 2 and ISO 27001 Security Audits.

Backup Methods and their short description 

 

Bitbucket DIY Backup

Bitbucket Server Backup Client

Bitbucket Zero Downtime Backup

Any manual backup script for Bitbucket

Third-party backup tool - GitProtect.io

Downtime during backup performance

Your Bitbucket experiences low downtime (a few seconds) to create a consistent snapshot

Your Bitbucket is locked during the entire backup process (it can take from a few minutes and more)

Your Bitbucket experiences no downtime

Your Bitbucket experiences no downtime (though it may depend on a backup script you use)

Your Bitbucket experiences no downtime (backup process is scheduled and performed automatically with no impact on your workflow)

Backed up data

Bitbucket repositories, logs, database, plugins

Bitbucket 4.8 and over

Depends on your backup script (usually repos only, not metadata)

All Bitbucket repositories and related metadata

Bitbucket DC

Supported

Not supported

Supported

Depends on your backup script (usually supported)

Supported

Description

Backup is done with an incremental copy or Atlassian-specific snapshot technology

Backup is performed with an external utility which locks the entire Bitbucket Server instance to back up the home directory and database

Backup is performed using snapshots (internally consistent & block-level filesystem)

Backup is performed manually (before backup your DevOps team should write a script)

Backup is performed automatically to the storage instance of your choice (with a possibility to assign another storages and replication between them)

Data Recovery and backups   

Let’s Sum Up

Bitbucket is a useful git repository platform which brings a lot of benefits to DevOps in their daily work - collaborate across teams, automate CI/CD deployments and build quality code.Though, to ship safely a company should build a reliable backup strategy.
 
For that reason they can use different methods to backup Bitbucket repositories and metadata covered in this article. Though, it’s up to the company to decide which of them meets the organization’s needs and requirements better.   

In you want to learn more, read Bitbucket Backup Best Practices. Try Bitbucket backup on Atlassian Marketplace. 

 

« Cyber Security Budgets Are Misspent
The Most Important Technology Advance In Decades »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

RIVA Solutions

RIVA Solutions

RIVA provides innovative best practices in IT and management consulting, program support services and emerging technologies.

Athena Dynamics

Athena Dynamics

Athena Dynamics focuses on Cyber Security, especially in Critical Information Infra-structure Protection and Enterprise IT Operation Management products and Services.

SAS Institute

SAS Institute

SAS is a leader in business analytics software and services providing solutions for a wide range of critical business areas including risk management, compliance and fraud prevention.

H3C Group

H3C Group

H3C provides a full range of Computer, Storage, Networking and Security solutions.

G DATA CyberDefense

G DATA CyberDefense

G Data developed the world's first antivirus software. We now ensure the security of small, large and medium-sized companies all over the world.

Excelerate Systems

Excelerate Systems

Excelerate Systems is a leading provider of IT services with a focus on Big Data, Cloud Services and Security.

Keynetic Technologies

Keynetic Technologies

Keynetic focuses on developing cybersecurity solutions for Industry 4.0.

Fiserv

Fiserv

Fiserv offers a wide array of Risk & Compliance solutions to help you prevent losses from fraud and ensure adherence to regulatory and compliance mandates.

SHe CISO Exec

SHe CISO Exec

SHe CISO Exec is a sustainable global training and mentoring platform in information security and leadership.

TAV Technologies

TAV Technologies

TAV Technologies is a provider of technology services to the aviation industry in areas including airport infrastructure systems, digital transformation and cybersecurity.

Fusion Risk Management

Fusion Risk Management

Fusion Risk Management focuses on operational resilience encompassing business continuity, risk management, IT risk, and crisis and incident management.

Prancer

Prancer

Prancer is the industry's first cloud-native, self-service SAAS platform for automated security validation and penetration testing in the cloud.

Nuts Technologies

Nuts Technologies

Nuts Technologies are simplifying data privacy and encryption with our innovative and novel data containers we call nuts based on our Zero Trust Data framework.

Elastio

Elastio

Elastio's cloud-native platform safeguards cloud data from the risks posed by ransomware, application failures and storage security vulnerabilities.

ADNET Technologies

ADNET Technologies

ADNET Technologies is a SOC 2, Type II Compliant IT management and cybersecurity firm.

Athena7

Athena7

Athena7 is a dedicated assessment practice committed to helping organizations understand how their infrastructure, backups, and security controls will withstand the latest threat actor tactics.