Let me bump the other comments about receiving a warning email 24 hours before and only seeing it the day off.
Now, I have I created a new app password and set it in our Team City Server Self Host and it is complaining it is unauthorized.
Test connection failed in SalesReports / Build org.eclipse.jgit.errors.TransportException: https://bitbucket.org/{projectName}/salesreports.git: not authorized
Even worse we have to update credentials on our build servers, agents, and all custom CI/CD apps integrated into our pipeline and all client machines that have GIT install.
For what? I don't see any security benefit here. In fact it is the opposite. App password a statically generated 20 character alpha-numeric with NO special characters. Furthermore, they are static and cannot be changed, in the event they are eventually compromised, and they will be.
The permissions also cannot be changed and since many people will be repeatedly use them throughout their organization, which increases the possibility end users will store plaintext password stored in multiple locations from each client that needs the credentials, like in config files. Also since the permissions are immutable once created default choice will be to give the app password full permissions to everything.
Let's not even take about how they won't be forward compatible with new features. Instead user will be directed to recreate new app password with the new permissions included.
Niether the APP password or SSH setup are working to authentication from Team City .Both fail with
not authorized
The SSH instructions state the key must be confirmed by email but that hasn't come after trying to create two different keys. (Yes my email is configured, I get Atlassian emails including notifications about this thread).
Meanwhile Settings say the SSH key was never used despite numerous not authorized connection attempts and the app password has no timestamp for last access time.
It makes no sense what you have done here. And if I achieve to re-sync shared projects, still to re-config all CI/CD environtments, Github desktops, etc...
I think you've rushed on here, and made it wrong having to rollback.
Don't understand why I can keep using my Atlassian user/pwd pair to sync my projects but don't the shareds. And full rights APP Password for me, does the same, and do not work on shareds too. But even repository author of those shareds created an APP Password and those are not useful too! Those credentials (atlssian pair and app password) do not let you sync those shared projects!
I've tried to re-CLONE (via CMD) on a test folder on my desktop with MY atlasian pair credentials, introduced when promted, one of those shared projects on the DEVELOP branch, and everything work fine! So they work for clone as it seems...
Atlassian Team members are employees working across the company in a wide variety of roles.
March 1, 2022 edited
@Marc Reig have you tried any Git ops (i.e. push/pull/clone) without GitHub Desktop (just using terminal instead) for those shared projects to see if it works fine without GitHub Desktop?
@David Dansby I have an app password but I am unable to commit using SourceTree. In my SourceTree app, under authentication, it shows Authentication: OK. But when I try to push the changes it gives me the below error. Is there anything else I need to do?
Atlassian Team members are employees working across the company in a wide variety of roles.
March 1, 2022 edited
@Mrunmayee Prakash Shirodkar if you are still receiving this error in Sourcetree then Sourcetree is still using your account password, not your new app password. Without knowing more, I can only guess a solution.
However, you most likely need to change the password that Sourcetree is using. I believe you can do this by
navigating to Preferences/Settings -> Accounts
Select Bitbucket Cloud account in question and hit edit
Change the password to your new app password and then save
It doesn't work. I created App Password with full scope. I deleted account in source tree and added new one with basic authentication and app password. I get Authentication ok check. And then when I try fetch branch i get error that I have to create App Password. So what I have to do?
Hi, I am using Sourcetree 3.4.7 and found out today that I can not push to Bitbucket for my project. I have been committing my projects almost 3 to 4 times every day and the last time was yesterday. I tried to use Authentication "Basic" with an app password that I just created and the green check Authentication OK is there. But I still receive the following error message:
git -c diff.mnemonicprefix=false -c core.quotepath=false --no-optional-locks -c lfs.customtransfer.bitbucket-media-api.path=git-lfs-bitbucket-media-api push -v --tags origin master:master remote: Bitbucket Cloud recently stopped supporting account passwords for Git authentication. remote: See our community post for more details: https://atlassian.community/t5/x/x/ba-p/1948231 remote: App passwords are recommended for most use cases and can be created in your Personal settings: remote: https://bitbucket.org/account/settings/app-passwords/ fatal: Authentication failed for 'https://bitbucket.org/XXXXX.git/'
What should I do to make my Sourectree app work with Bitbucket again?
and inmediatly an small windows appears askig for ATLASSIAN user/password credenctials. Wrote'em, and everything start to sync smoothly.
So it seems it can login through Bitbucket normally, via CMD. So GiutHub Desktop team says it's not their fault, since everything was working until your changes.
I have phpstrom, this is not working at all trying to setup GPG key, but can't find place tyo add this key to bitbucket, can some one provide link to it or explain hot to fix this
Atlassian Team members are employees working across the company in a wide variety of roles.
March 2, 2022 edited
@4dmacau thank you very much for that great update about how to resolve this issue. Can I ask, are you on a Windows machine? Also, were your two teammates that didn't have this issue using Mac?
Atlassian Team members are employees working across the company in a wide variety of roles.
March 2, 2022 edited
@Fabio Goncalves thanks for the suggestion. Unfortunately, that only pushes the auth protocol for Git to use SSH (which does not require an app password). For various reasons, a number of our users prefer to use HTTPS for authentication which now requires an app password, not an Atlassian account password, to authenticate with Bitbucket Cloud.
Atlassian Team members are employees working across the company in a wide variety of roles.
March 2, 2022 edited
@Beneris unfortunately, Bitbucket Cloud does not have signed commits. You can still sign your commits, but unfortunately, you cannot add them to your Bitbucket Cloud account. For reference please see https://jira.atlassian.com/browse/BCLOUD-3166
FYI: For those looking to answers for issues similar to mine.
SSH - Something went wrong on Atlassian's end entering the SSH key. During my call with support deleting the key in account settings and recreating it resolved that issue.
HTTPS - I was previously able to connect using the email associated with my Atlassian account which was `firstName.lastName@myCompanyDomain.com`. This does not work for app passwords with https . You need to use the username which shows in settings under your Atlassian account.
Additionally be GIT URL needed to be updated correctly.
For HTTP- https://[AtlassianUserName]@bitbucket.org/[WorkSpace]/[RepositoryName].git For SSH - git@bitbucket.org:[WorkSpace]/[RepositoryName].git
And a finally caveat: I was integrating with a Team City CD pipeline and initially updated all builds to use SSH, because that was the first thing we could get to work, while we were using different tooling (a custom gitversion) that attempted to connect using HTTPS. This did not work. Initially cloning/checking out the repository associates the GIT repo with a URL (either HTTP or SSH) which must be used thereafter.
This morning, in my case, I can't use Atlassian pair user/pwd on Github Desktop to sync my projects. It doesn't work. I had to use an App password and it started to run normally again. So something changed on Bitbucket side, I guess...
Seen that, I thought that maybe the real problem, the shared ones, would be gone! But my condolences...
- Completly close Github Desktop and developing GUI. Everything releated. - Delete all bitbucket related credentials from Windows "keychain". - Delete entire shared projects folders from my local (not mine projects, only shared ones). Or save on to diferent paths away, if you need to recuperate some made code changes. But be sure the folders are not were they used to be anymore. - Open Github desktop and travel to shared projects. It says they're removed and asks for removing from Github Desktop. Accept removing all of'em. - On to Github Desktop, go to one of your own projects and re-sync (fetch button). It's going to ask for credentials. Write your Atlassian USER, the one appearing on bitbucket personal page. NOT the mail, but the user AS-IS. You need to have an APP Password created with ALL permisions set. All the checks you can check, do it. Save the token received on App password creation, and use it on GitHub Desktop login prompt. - It normally syncs and everything works as expected. So now, it's shared projects turn. - Forget GitHub desktop. Open CMD an do a CLONE of those removed project, with the APP password and atlassian user on it, like this: `C:\Users\*******\AppData\Local\GitHubDesktop\app-2.9.10\resources\app\git\cmd\git.exe clone -b develop https://ATLASSIANUSER:APPPASSWORD@bitbucket.org/*******/*******.git C:\PATH\TO\FOLDER\WHERE\REMOVED` - Everything is going to get on place. And then, back to GitHub Desktop, you need to manually add the project through ADD button and selecting "Add existing repository". Choose your recent cloned path and voilà! - You're free to sync, push, pull or whatever is needed.
Drastic solution, but functional one.
Now I have to resolve piplines to AWS, which are failing on the last part of the deployment with a: `INFO: Deployment created with id xxx. INFO: Waiting for deployment to complete. aws deploy wait deployment-successful --deployment-id xxx Waiter DeploymentSuccessful failed: Waiter encountered a terminal failure state ERROR: Deployment failed. Fetching deployment information... ... "errorInformation": { "message": "The overall deployment failed because too many individual instances failed deployment, too few healthy instances are available for deployment, or some instances in your deployment group are experiencing problems.", "code": "HEALTH_CONSTRAINTS" }, ` don't even know why...
Ok! About pipelines, solved too. Found the error on Bitbucket CI/CD pipelines. Releated with instance health. Found the error on google. Ask to look at AWD console on CodeDeploy movements and search fo the details on errors there appearing. All google searches say: look at the service on the AWS instance running. Be sure its ready and running. It is. They say: look at the logs! I do and found something releated with ssl, ruby, permisions, yada yada... Search the error and a guy says: I usually solve this simply restarting the CodeDeploy service on the instance. Said and done. All works back to normal now.
So for me, all done. Struggling travel, happy end.
@beef623 Have you thought about encrypting your SSH keys?
It's just a keystroke away. Then it wouldn't be less secure to transfer them to other machines, you'd just have to type in your password when using them or once to add them to the SSH agent.
Has this taken effect? I was looking into this today, and noticed all my Git pulls for my repos are still working without switching to an App password. our scripts are using a bitbucket.org user name that is separate from the email address we use to log into bitbucket (ie. sampleguy@company.com to log into the site, but just "sampleguy" to pull repos)
283 comments