Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Pulling private repositories inside pipelines


I'm evaluating the integration of Bitbucket pipelines to our git workflow for my organization. We have a private repository which is dependent on a couple of other private repositories to generate a build for deployment. We use SSH keys to access our repositories and I also have a pair of keys with read access ready for the pipeline. Can I get some guidance on how to integrate these keys within the pipeline so that I can have a build?

3 answers

1 accepted

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

7 votes
Answer accepted

In order for the build agent to clone the submodules, you can give it SSH access to your Bitbucket account. 
Information on generating an SSH key can be found here:

Set the following commands as the first ones in the step section of your bitbucket-pipelines.yml:

- mkdir ~/.ssh
- echo $SSH_KEY > ~/.ssh/id_rsa.tmp # note: assumes base64 encoded ssh key without a passphrase
- base64 -d ~/.ssh/id_rsa.tmp > ~/.ssh/id_rsa
- chmod 600 ~/.ssh/id_rsa
- base64 ~/.ssh/id_rsa

Note in this example the SSH key is base64 encoded to preserve new line characters and stored in a secured Pipelines variable named "SSH_KEY".

what if I don't want to commit a ssh-key with write access in the repo ?

Answering my own question: you can setup a "deployment key" in Bitbucket which only has read-access to the repo

And you can setup ENV VAR via the Bitbucket interface no need to commit it smile

In addition to that I had to add the following line for SSH not to verify host keys

- 'echo -e "Host *\n StrictHostKeyChecking no\n UserKnownHostsFile=/dev/null" > ~/.ssh/config'

Strangely enough Pipeline does not  recognize's SSH keys by default.

I added Bitbucket as a known host as per a question in this FAQ instead of stopping StrictHostKeyChecking -

Code block I used

- echo ", ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==" >> /root/.ssh/known_hosts
Like Jeroen De Raedt likes this
1 vote

See also: (specifically targeted at the issue of cloning private repositories)

and (more general info on setting up ssh public-key auth for use in Pipelines)



Atlassian Community Events