Bitbucket Backup Methods

Uploaded on 2023-03-30 in FREE TO VIEW

Promotion 

Bitbucket is one of the largest source code management services for development projects. It can boast of having more than 10 million registered users, who chose this git hosting provider for a reason. It easily integrates with other Atlassian products, like Jira, a leading product management tool. You can simply set up and configure CI/CD in your Bitbucket within 2 effortless steps. So, there are many benefits.

But, what if you lose access to your crucial Bitbucket data? It can lead to business disruption, and more or less significant data loss.

Why do you need a Bitbucket repository and metadata backup?

There are a lot of threats your Bitbucket ecosystem can face. Human mistakes, Atlassian outages, your Bitbucket infrastructure downtime, software and hardware failures, natural disasters, ransomware attacks - are all the potential reasons for your Bitbucket data loss.
 
Is it possible to withstand the mentioned threat situations? Yes, if you have a backup in place.

Top 5 Bitbucket backup methods - good and better options

You can use different methods to back up your Bitbucket environment, yet which one is the most reliable for your organization?
 
To be sure that your Bitbucket repositories and metadata are any-time available and recoverable from any point in time, make sure that your backup includes the following features: 

  • Full Bitbucket data coverage - backs up repositories and all the related metadata, including Wiki, issues, deployment keys, pull requests, tags, LFS, commits, etc.
  • Follow 3-2-1 backup rule - 3 copies stored at 2 different locations (Cloud or local), one of which is offsite
  •  Backup replication between your storage instances
  • Flexible, long-term and unlimited retention
  • AES encryption with your own encryption key
  • Ransomware protection
  • Disaster Recovery technologies. 

Let’s first consider the Bitbucket backup methods the Atlassian offers - Bitbucket DIY Backups, Bitbucket Server Backup Client, and Bitbucket Zero Downtime Backup, and then proceed to other options - Bitbucket backup scripts and Third-party backup tools to secure your Bitbucket environment.

Method # 1 Bitbucket DIY Backup

First, what should be mentioned is that this method is suitable for and supports Bitbucket Server, Bitbucket Data Center, and Bitbucket Mesh instances. This method backs up such data as git repositories, Bitbucket Server logs, the database the instance is connected to, and plugins with their data (which you’ve ever installed).
 
You can use any language you want to implement any custom processes you need. This permits you to to use both your database’s incremental or fast snapshot tools, and the specific tools of your file server as a part of your DIY Backup. 
 
So, the DIY Backup for Bitbucket performs backup within the following steps:

Step # 1 - Prepare Bitbucket Server instance for backup
In order to reduce the risk of losing the data and the downtime, you will have the initial snapshot taken using incremental database and filesystem utilities. It is done with the thought to minimize the work later, especially if you modify a lot of data between backups. During this process you have the initial rsync of the home folder to the backup folder done, as well.

Step # 2 - Initiate the backup:   During this step your Bitbucket Server instance will be locked. Then, your connections to the database and the filesystem will be drained and latched. Finally, at the end of this step all you will need to do is to wait for the drain and latch step to complete.

Step # 3 - Perform operations for DIY Backup:   Now when your Bitbucket Server instance is ready for backup you will need to make a fully consistent backup of the database. For this you will need to use pg_dump. And then, using rsync, you will need to make a fully consistent backup of the filesystem.

Step # 4 - Finish the backup process:   As soon as your backup process is finished, your Bitbucket Server instance will be unlocked.

Step # 5 - Archive the files:   At the final step your system will archive all the backup files and create one big archive.

Method # 2 - Bitbucket Server Backup Client

Another method which is possible to use is Bitbucket Server Backup Client. It is a command line tool provided by Atlassian. That’s why you should run it externally from some other location yet with access to the Bitbucket home directory.
 
Like Bitbucket DIY Backup, with Bitbucket Server Backup Client you won’t be able to backup all the metadata your Bitbucket repository has. Thus, with Backup Client you will be able to make a copy of the database Bitbucket server is connected to, all the repositories you work on, the Bitbucket Server audit logs, and installed plugins and the related data.  
 
The procedure is rather simple. Actually, it is similar to Bitbucket DIY Backup and consists of 5 steps:

  • The Bitbucket Client locks access to your Bitbucket Server data during the backup process, which is called “maintenance mode.”
  • It checks if all operations (git and database) have been finished.
  • The Bitbucket Client makes a generic backup of the Bitbucket Server database and the Set the home directory.
  • Then it stores the completed backup copy on the local file system as a .tar file.
  • Finally, it finishes the maintenance mode and unlocks your Bitbucket Server.

Method # 3 - Bitbucket Zero Downtime Backup

Bitbucket Zero Downtime Backup is a technology developed by Atlassian. But you should remember that it only suits Bitbucket 4.8 and over. This technology permits to back up a Bitbucket instance without maintenance lock and take backups as often as your policy requires.
 
If you decide on this option, you should know what Zero Downtime Backup requires. So, you should have your shared home directory on a file system volume to take atomic snapshots. It permits your database to take those snapshots or restore a snapshot at the same time as the home directory snapshot has already been taken.

Method # 4 - Bitbucket Backup Script

According to the Shared Responsibility Model each user who has some data in Bitbucket is responsible for its security. Atlassian is responsible for the data security of the entire platform, not the individual Bitbucket repositories and metadata.
 
Moreover, the service provider even recommends its users to have daily backups at out-of-office hours to cut down the bandwidth throttling, and retain backups for at least one month in some offsite location.
 
The company can achieve it using the Atlassian backup tools that we mentioned above or by itself - entrusting some developer or a DevOps team to perform all the backup operations manually. It may work well in the beginning but in a long term perspective it will seem time-consuming. Moreover, it will distract your Devops team from their core duties as with the growing number of backups they will need to perform more and more work.
 
There are a lot of scripts written in different languages to backup your Bitbucket repositories. For example, here is one written in python - Bitbucket backup script.

Method # 5 - Third-party backup tools

If you have a strong intention to minimize the time your and your DevOps team spend on backups and automate the process of your Bitbucket backup performance, it’s worth considering a third-party backup solution, like GitProtect.io, a professional Bitbucket backup & DR software.
 
Backup vendor offers a turnkey backup solution, which includes immutable backups to a few storage instances - both cloud and local (which helps to meet the 3-2-1 backup rule), unlimited retention, ransomware protection, and, what is crucial, possibility to monitor how your Bitbucket backups have been performed.
 
When it comes to duties, you will be able to share the responsibilities of data security with a third-party tool, and comply with strict security demands. Actually, a reliable backup is a necessary requirement if you want to pass SOC 2 and ISO 27001 Security Audits.

Backup Methods and their short description 

 

Bitbucket DIY Backup

Bitbucket Server Backup Client

Bitbucket Zero Downtime Backup

Any manual backup script for Bitbucket

Third-party backup tool - GitProtect.io

Downtime during backup performance

Your Bitbucket experiences low downtime (a few seconds) to create a consistent snapshot

Your Bitbucket is locked during the entire backup process (it can take from a few minutes and more)

Your Bitbucket experiences no downtime

Your Bitbucket experiences no downtime (though it may depend on a backup script you use)

Your Bitbucket experiences no downtime (backup process is scheduled and performed automatically with no impact on your workflow)

Backed up data

Bitbucket repositories, logs, database, plugins

Bitbucket 4.8 and over

Depends on your backup script (usually repos only, not metadata)

All Bitbucket repositories and related metadata

Bitbucket DC

Supported

Not supported

Supported

Depends on your backup script (usually supported)

Supported

Description

Backup is done with an incremental copy or Atlassian-specific snapshot technology

Backup is performed with an external utility which locks the entire Bitbucket Server instance to back up the home directory and database

Backup is performed using snapshots (internally consistent & block-level filesystem)

Backup is performed manually (before backup your DevOps team should write a script)

Backup is performed automatically to the storage instance of your choice (with a possibility to assign another storages and replication between them)

Data Recovery and backups   

Let’s Sum Up

Bitbucket is a useful git repository platform which brings a lot of benefits to DevOps in their daily work - collaborate across teams, automate CI/CD deployments and build quality code.Though, to ship safely a company should build a reliable backup strategy.
 
For that reason they can use different methods to backup Bitbucket repositories and metadata covered in this article. Though, it’s up to the company to decide which of them meets the organization’s needs and requirements better.   

In you want to learn more, read Bitbucket Backup Best Practices. Try Bitbucket backup on Atlassian Marketplace. 

 

« Cyber Security Budgets Are Misspent
The Most Important Technology Advance In Decades »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Inter-American Cooperation Portal on Cyber-Crime

Inter-American Cooperation Portal on Cyber-Crime

The Inter-American Cooperation Portal on Cyber-Crime was created to facilitate and streamline cooperation and information exchange among government experts from OAS member states.

Wontok

Wontok

Wontok deliver innovative value-added data security services that fill the gaps left in traditional security solutions.

TestArmy

TestArmy

TestArmy CyberForces provide you with a broad spectrum of cybersecurity services to test every aspect of your IT infrastructure security and software development process.

PreCog Security

PreCog Security

PreCog Security is a US based cybersecurity risk mitigation company. We specialize in helping you find, minimize and manage vulnerability risk within your product, network and process.

Bleam Cyber Security

Bleam Cyber Security

Bleam is a leading provider of Managed Cyber Security Services and Information Security consulting. We deliver enterprise class security services to UK SME’s to stop data breaches.

Xperience

Xperience

Xperience solves our clients’ toughest challenges by delivering business efficiency through digital transformation solutions across cloud, managed IT, CRM and ERP.

Automation Workz

Automation Workz

Automation Workz has been ranked as a top 10 Cybersecurity Bootcamp in the US by Career Karma.

CliftonLarsonAllen (CLA)

CliftonLarsonAllen (CLA)

CLA exists to create opportunities for our clients through industry-focused advisory, outsourcing, audit, tax, and consulting services.

Xmirror Security

Xmirror Security

Xmirror Security focuses on integrated detection and defense of the continuous threat to the DevSecops software supply-chain with artificial intelligence technology as the core.

CloudWave

CloudWave

CloudWave, the expert in healthcare data security, provides cloud, cybersecurity, and managed services to healthcare organizations.

Intuitive Research & Technology Corp

Intuitive Research & Technology Corp

Intuitive Research and Technology is an aerospace engineering and analysis firm providing services to the Department of Defense, government agencies, and commercial companies.

Core4ce

Core4ce

Core4ce is a mission-oriented company that serves as a trusted partner to the national security community.

coc00n

coc00n

coc00n secures the devices of high-value and high-interest individuals against cyber attacks.

Manifest

Manifest

Manifest is a cybersecurity company dedicated to helping enterprises secure their software supply chains.

Hacker School

Hacker School

Hacker School offers technology motivated training programs that provide Cyber Security Certifications and Courses.

Syteca

Syteca

Syteca is specifically designed to secure organizations against threats caused by insiders. It provides full visibility and control over internal risks.