Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

bitbucket-upload-file App password security practices


I'm looking at bitbucket-upload-file as a potential solution to send Pipelines build results to the Downloads section of my repository.

To do this, it looks like I need to commit a BITBUCKET_APP_PASSWORD variable directly into the repository within the `bitbucket-pipelines.yml` file.

The app password would by necessity have permission to read and write to my repositories, and in using this solution, that password would be published to my (public) repository.

That seems like a Really Bad Idea. Perhaps I'm missing something? Maybe there are better password security practices which I could follow in the deployment of my built code?

1 answer

1 accepted

1 vote
Answer accepted

@Samantha Finnigan Indeed, only use variables in the pipelines by their identifier/name and *set* them in the project settings, the second half of:

That's exactly what I was looking for, thanks :)

Like ktomk likes this

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Apps & Integrations

🍻🍂Apptoberfest Update: Upcoming Virtual Events 🎉

Hello Community! I hope you've been enjoying the 🍂Apptoberfestivities🍂 (I know I have!) The event is heating up next week with a series of virtual events that we're calling the 🍻🍂Partner App ...

173 views 3 14
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you