Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Sign up for free Log in
Atlassian Community Hero Image Collage

bitbucket-upload-file App password security practices Edited

Samantha_Finnigan
Samantha_Finnigan Jun 17, 2020

I'm looking at bitbucket-upload-file as a potential solution to send Pipelines build results to the Downloads section of my repository.

To do this, it looks like I need to commit a BITBUCKET_APP_PASSWORD variable directly into the repository within the `bitbucket-pipelines.yml` file.

The app password would by necessity have permission to read and write to my repositories, and in using this solution, that password would be published to my (public) repository.

That seems like a Really Bad Idea. Perhaps I'm missing something? Maybe there are better password security practices which I could follow in the deployment of my built code?

Answer
Watch
Like Be the first to like this
229 views

1 answer

1 accepted

1 vote
Answer accepted
ktomk
ktomk Jun 20, 2020

@Samantha_Finnigan Indeed, only use variables in the pipelines by their identifier/name and *set* them in the project settings, the second half of: https://support.atlassian.com/bitbucket-cloud/docs/variables-in-pipelines/

View More Comments
Samantha_Finnigan
Samantha_Finnigan Jun 20, 2020

That's exactly what I was looking for, thanks :)

Like ktomk likes this
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket Pipelines
Bitbucket Pipelines
TAGS
Community showcase
gali.niv
gali.niv
Published in Bitbucket Pipelines

What We Learned When We Researched Open Source Vulnerabilities in 7 Popular Coding Languages

...hey are a part of us, shaping how we interact with the world around us. The same holds true for programming languages when we think about how different kinds of vulnerabilities raise their heads in t...

1,320 views 0 3
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you