Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Pulling private repositories inside pipelines


I'm evaluating the integration of Bitbucket pipelines to our git workflow for my organization. We have a private repository which is dependent on a couple of other private repositories to generate a build for deployment. We use SSH keys to access our repositories and I also have a pair of keys with read access ready for the pipeline. Can I get some guidance on how to integrate these keys within the pipeline so that I can have a build?

3 answers

1 accepted

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

7 votes
Answer accepted

In order for the build agent to clone the submodules, you can give it SSH access to your Bitbucket account. 
Information on generating an SSH key can be found here:

Set the following commands as the first ones in the step section of your bitbucket-pipelines.yml:

- mkdir ~/.ssh
- echo $SSH_KEY > ~/.ssh/id_rsa.tmp # note: assumes base64 encoded ssh key without a passphrase
- base64 -d ~/.ssh/id_rsa.tmp > ~/.ssh/id_rsa
- chmod 600 ~/.ssh/id_rsa
- base64 ~/.ssh/id_rsa

Note in this example the SSH key is base64 encoded to preserve new line characters and stored in a secured Pipelines variable named "SSH_KEY".

what if I don't want to commit a ssh-key with write access in the repo ?

Answering my own question: you can setup a "deployment key" in Bitbucket which only has read-access to the repo

And you can setup ENV VAR via the Bitbucket interface no need to commit it smile

In addition to that I had to add the following line for SSH not to verify host keys

- 'echo -e "Host *\n StrictHostKeyChecking no\n UserKnownHostsFile=/dev/null" > ~/.ssh/config'

Strangely enough Pipeline does not  recognize's SSH keys by default.

I added Bitbucket as a known host as per a question in this FAQ instead of stopping StrictHostKeyChecking -

Code block I used

- echo ", ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==" >> /root/.ssh/known_hosts
Like Jeroen De Raedt likes this
1 vote

See also: (specifically targeted at the issue of cloning private repositories)

and (more general info on setting up ssh public-key auth for use in Pipelines)



Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you