diff --git a/roles/bitbucket_mesh/defaults/main.yml b/roles/bitbucket_mesh/defaults/main.yml
index cb3e292..555d898 100644
--- a/roles/bitbucket_mesh/defaults/main.yml
+++ b/roles/bitbucket_mesh/defaults/main.yml
@@ -1,3 +1,7 @@
 mesh_install_dir: /opt/atlassian/mesh
 bitbucket_mesh_maven_repo: https://packages.atlassian.com/maven-external
-bitbucket_mesh_version: "1.3.1"
\ No newline at end of file
+bitbucket_mesh_version: "1.3.1"
+
+# if basic_auth is required for download of atlassian installable artifact, provide the name of an AWS Secrets Manager secret
+# with values for both password and username
+atl_download_secret_name: ''
\ No newline at end of file
diff --git a/roles/bitbucket_mesh/tasks/main.yml b/roles/bitbucket_mesh/tasks/main.yml
index 5de31ba..44f72aa 100644
--- a/roles/bitbucket_mesh/tasks/main.yml
+++ b/roles/bitbucket_mesh/tasks/main.yml
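Review bot: The `''` default for `atl_download_secret_name` makes the variable always defined, so the `atl_download_secret_name is defined` condition in roles/bitbucket_mesh/tasks/main.yml never skips the secret lookup. With the default in place the lookup is issued for the names `.password` and `.username`. Either leave the variable undefined by default, or keep `''` and have the task test `atl_download_secret_name | length > 0`. The comment could also say that an empty value disables basic auth and that the secret must be a JSON object with `username` and `password` keys, since the lookup uses `nested=true`.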
@@ -13,18 +13,33 @@
 - "{{ atl_home_base }}/{{ atl_product_user }}"
 - "{{ mesh_install_dir }}"
-- name: download the mesh distribution using maven
- community.general.maven_artifact:
- group_id: "com.atlassian.bitbucket.mesh"
- artifact_id: "mesh-distribution"
- extension: "tar.gz"
- version: "{{ atl_product_version }}"
- repository_url: "{{ bitbucket_mesh_maven_repo }}"
+
+# optionally grab basic_auth creds from secrets_manager secret called 'download_atlassian'
+- name: set basic_auth facts if the secret exists
+ ansible.builtin.set_fact:
+ download_atlassian_password: "{{ lookup('amazon.aws.aws_secret', atl_download_secret_name + '.password', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}"
+ download_atlassian_username: "{{ lookup('amazon.aws.aws_secret', atl_download_secret_name + '.username', region=ansible_ec2_placement_region, bypath=false, nested=true, on_denied='skip', on_missing='skip') }}"
+ failed_when: false
+ ignore_errors: yes
+ no_log: true
+ when:
+ - ansible_ec2_placement_region is defined
+ - atl_download_secret_name is defined
+ tags:
+ - runtime_pkg
+
+# Fetch binary and copy to temp
+# optionally use basic_auth creds from secrets_manager
+- name: Fetch binary
+ ansible.builtin.get_url:
+ url: "{{ atl_product_download_url }}"
 dest: "{{ mesh_install_dir }}"
- keep_name: yes
- mode: "0644"
- owner: "{{ atl_product_user_uid }}"
- group: "{{ atl_product_user_uid }}"
+ url_password: "{{ download_atlassian_password | default(omit) }}"
+ url_username: "{{ download_atlassian_username | default(omit) }}"
+ owner: "{{ atl_product_user }}"
+ group: "{{ atl_product_user }}"
+ mode: 0644
+ force: false
 register: maven_download
 - name: extract the downloaded artifact
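Review bot: The `set basic_auth facts if the secret exists` task fails open: `on_denied='skip'`, `on_missing='skip'`, `failed_when: false` and `ignore_errors: yes` together hide an access-denied or misnamed secret, and the play carries on to `Fetch binary` without the credentials the operator configured. If the skipped lookup leaves the two facts set to an empty value (likely, since `set_fact` still runs), `default(omit)` no longer applies and empty `url_username`/`url_password` are sent. I would drop `failed_when: false` and `ignore_errors: yes`, and skip the task only when no secret name is configured. Separately, `get_url` is given no `checksum:`, while the `maven_artifact` task it replaces verifies the repository checksum on download by default; since the next task extracts the archive, adding `checksum: "sha256:<expected-digest>"` (placeholder value) would keep an integrity check. The task list continues outside the hunk.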