Ability to restrict access to pipeline artifacts?

I'm curious if there is a way to restrict access to who can view/download pipeline artifacts.  We are using deployment variables and parallel steps within a pipeline.  We have found that it is not possible to utilize the deployment variables across all parallel steps and must instead write the variables to a file which is used by subsequent steps.

This unfortunately now exposes the protected keys/tokens to all users running the pipeline as they can download the artifact with the data inside.

Is there an access privilege I'm missing that can prevent this or a different method of using deployment variables with a pipeline that uses parallel steps?

1 answer

0 votes
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Oct 24, 2022

Hi @ninjadroo and welcome to the community.

I'm afraid that there is no way to restrict access to artifacts at the moment.

We have a feature request for restricting the manual download of artifacts: https://jira.atlassian.com/browse/BCLOUD-17277

Please keep in mind though that artifacts are files available during a Pipelines build. Even if this feature request is implemented, it would still be possible for someone with write access to the repo to edit the bitbucket-pipelines.yml file and add in the script a cat command that shows the contents of an artifact file in the Pipelines build log.

We recently released a feature called stages that allows for multi-step deployments:

With this feature, you can use a deployment environment in a stage that consists of multiple steps. Then, the deployment variables of this environment will be available to all steps of the stage.

This may be a good alternative to using artifacts. Please keep in mind though that the feature is still in beta and it doesn't support parallel steps yet. You can view the full list of limitations at the end of the documentation page I shared, and I could create a feature request for supporting parallel steps in a stage if you'd be interested in that.

Kind regards,
Theodora

Thank you very much for the information!  It is unfortunate that the functionality isn't there as we attempt to lock down and secure our repository and pipelines.  However, stages supporting parallel steps sounds like the more promising fix for us.  

Are parallel steps on the roadmap? Or is the functionality just not technically feasible?

Theodora Boudale
Atlassian Team
Oct 26, 2022

Hi @ninjadroo,

You are very welcome and I understand your concerns. The suggestion I can make regarding security would be to use deployment variables instead of artifacts with the stages feature, if you're willing to work without parallelization for now and if the stages' limitations are not a problem for you.

With the Premium plan, you can make use of deployment permissions. For each environment in the deployment environment settings, there is an option "Only allow admins to deploy to this environment". Enabling this setting ensures that no one other than admins can run deployments and any deployment variables cannot be accessed by someone who is not an admin. Please keep in mind that a deployment by a non-admin will then be automatically paused and can only be resumed manually by an administrator.

If you would like to try this out and if you need any assistance adjusting your bitbucket-pipelines.yml file, you can post the structure of your yml file here so I can take a look and give you suggestions. Alternatively, you can also create a ticket (which will be visible only to you and Atlassian) with the support team to ask for assistance; this way you can get assistance without posting any details here publicly. You can create a ticket via https://support.atlassian.com/contact/#/, in "What can we help you with?" select "Technical issues and bugs" and then Bitbucket Cloud as product.

Parallel steps in a stage are not on the roadmap yet. I have created a feature request about it here: https://jira.atlassian.com/browse/BCLOUD-22214

You can add your vote and feedback to that feature request to further express your interest. You can also add yourself as a watcher if you'd like to get notified via email on updates.

If you have any other questions, please feel free to let me know!

Kind regards,
Theodora
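
The workaround described in the question, next to the stage-based layout suggested in the answers, as an added example (not from the original thread and not Atlassian's own configuration). The environment name `staging`, the variable `API_TOKEN`, the file `deploy.env` and the `deploy-*.sh` scripts are assumptions made for illustration.

```yaml
# Constructed example. "staging", API_TOKEN, deploy.env and the deploy-*.sh
# scripts are hypothetical names, not taken from the thread.
pipelines:
  custom:
    # BEFORE: deployment variables copied into an artifact so that
    # parallel steps outside the deployment step can read them.
    leaky-parallel:
      - step:
          name: Export deployment variables
          deployment: staging
          script:
            # The secret leaves the secured variable store and lands in a file.
            - echo "export API_TOKEN=$API_TOKEN" > deploy.env
          artifacts:
            # Anyone who can view this build can download deploy.env.
            - deploy.env
      - parallel:
          - step:
              name: Deploy service A
              script:
                - . ./deploy.env
                - ./deploy-a.sh
          - step:
              name: Deploy service B
              script:
                - . ./deploy.env
                - ./deploy-b.sh

    # AFTER: one stage bound to the environment; no secret file, no artifact.
    staged:
      - stage:
          name: Deploy to staging
          deployment: staging
          steps:
            # Steps in a stage run one after another (no parallel steps,
            # per the answer above); each step sees the deployment variables.
            - step:
                name: Deploy service A
                script:
                  - ./deploy-a.sh   # reads $API_TOKEN from the environment
            - step:
                name: Deploy service B
                script:
                  - ./deploy-b.sh
```

As the answers note, the stage layout removes the downloadable secret file but does not stop someone with write access from editing the script; the "Only allow admins to deploy to this environment" setting on the Premium plan covers that case.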
