Installing the application

  • Last updated: September 14, 2023

  • Read time: 4 Minutes

Burp Suite Enterprise Edition uses Helm to manage installation and configuration. In order to install the application you first need to download its Helm chart.

Downloading the Helm chart

The Burp Suite Enterprise Edition Helm chart is a deployment descriptor for Kubernetes that, when run, configures Burp Suite Enterprise Edition in a "ready-to-run" state. It is designed to work with any Kubernetes cluster that meets the prerequisites for Burp Suite Enterprise Edition.

To download the Helm chart, click the button below to display details of the most recent Kubernetes release of Burp Suite Enterprise Edition, and then click Download.

Latest Kubernetes release

Once the chart is downloaded, unpack it into a directory of your choice. Note that you will need the name of this directory when running commands against the chart.


While it is technically possible to customize the Helm chart, please note that we are unable to offer support on this process. For more information on Kubernetes support, see the Support scope for Kubernetes deployments page.

Providing custom values for the Helm chart

The provided values.yaml file contains the default values that will be passed to the Helm chart when you run it. You can modify this file to customize these values. Please contact our support team if you need any additional guidance.

Note for Oracle users

If you want to use an Oracle database, you need to manually enable Oracle support by modifying the provided values.yaml file as follows:

support: oracle: true

Adding a TLS certificate

A TLS certificate makes sure your connection to Burp Suite Enterprise is secure. You can use the values.yaml file to add a TLS certificate.

The TLS certificate must have the following properties:

  • Use a PKCS#12 certificate with a .p12 file extension. The .psx format is not supported.
  • The certificate must have a passphrase.
  • The certificate must include a Subject Alternative Name (SAN).


If you want to use a TLS certificate from your existing deployment, you can set useDeprecatedHttpConfigFromDatabase to true.

To add or update a TLS certificate:

  1. Use the following command to create a Kubernetes secret that contains your TLS certificate. The secret needs to contain the certificate, and the passphrase:

    kubectl -n <namespace> create secret generic bsee-web-server-https --from-file=certificate=<your certificate name>.p12 --from-literal=passphrase=<your passphrase>
  2. In the values.yaml file, set the values for services.webServer as follows:

    • Set useDeprecatedHttpConfigFromDatabase to false.
    • Set useHttps to true.
    • Set a value for the httpsPort (the default is 8443).
    • Enter the name and key for the secrets for the certificate and the passphrase.


If you later decide to switch between an HTTPS and an HTTP connection, you need to set useHttps to false, and perform a Helm upgrade.

Configuring the database details

In the values.yaml file, set the values for database within the quote marks, as follows:

  • Set url to the JDBC URL of your database. The format for the URL changes depending on the type of database you want to use. For more information on JDBC URLs in Burp Suite Enterprise Edition, see Database connection URL format.
  • Set enterpriseServerUsername for the user that you want Enterprise Server to use to connect to the database.

    • Additionally, if your database requires a different format for the username when connecting externally (for example, user-name@server-name), set enterpriseServerConnectionUsername to the connection username.
  • Set enterpriseServerPassword to the password for the Enterprise Server database connection.
  • Set scanningResourceUsername to the username of the scanning machine database user.

    • Additionally, if your database requires a different format for the username when connecting externally (for example, user-name@server-name), set scanningResourceConnectionUsername for the scanning machine database user.
  • Set scanningResourcePassword to the password of the scanning machine database user.

Using the Helm chart

To install Burp Suite Enterprise Edition once you have downloaded the Helm chart, first make sure that you have created the namespace that you want to use for the deployment. This is the same namespace that you used for your PersistentVolumeClaim.

Next, run the following command:

helm install -n <namespace> <deployment name> <name of directory containing the chart>

For example, to use a chart located in enterprise-helm-folder to deploy Burp Suite Enterprise Edition to a deployment called bsee-deployment with a namespace of bsee-namespace, you would run:

helm install -n bsee-namespace bsee-deployment enterprise-helm-folder

Extracting the web server IP address

Once the installation process is complete, you need to extract your Burp Suite Enterprise Edition external IP address to access the application. If you've used our template, the address of the webserver console is displayed after successful deployment. Otherwise run the following command to find the address:

kubectl get services -n <namespace>

This command displays details of all services in the namespace, including their external IP address. The external IP of the web server service is the IP you need to access Burp Suite Enterprise Edition.


If you've used your own Ingress controller, you need to use your own configured address.


There are potential security implications to leaving Burp Suite Enterprise Edition in an unconfigured state. We recommend completing the rest of the configuration as soon as possible.

Next step - Activate your license

Was this article helpful?