Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

App Passwords

nmoore I'm New Here Nov 19, 2020

We're looking to use App Passwords for our CI/CD pipelines to pull code from bitbucket cloud but we're unsure about a particular use case. I am a CloudOps engineer who generates an App Password for teamcity to clone repos from Bitbucket cloud. What happens to my app passwords should I leave the company and my account is removed? Are the app passwords removed too?

Alternatively, we would setup a service account with an email address for the service, teamcity in our case. Then we would create a bitbucket account for this email address and setup App Passwords under that account. Is this permitted by bitbucket cloud?

1 answer

0 votes

Hi @nmoore  and welcome to the community!

An app-password is associated with a certain Bitbucket Cloud account. So, if the account gets deleted, deactivated or its access from the company's repos is removed, then HTTPS authentication with this account won't work.

It is perfectly fine to create another Bitbucket Cloud account as a service account, with an email address that is not tied to a specific individual. Please keep in mind though that you'll need to add this account to the company's workspace, and it will count towards the workspace's users. If you have a paid plan, this means that you'll pay for one extra user.

Some additional options, instead of that, are the following:

1. Use access keys, if you CI/CD tool supports that.

You generate an SSH key pair, the private SSH key should exist on your CI/CD server, and the public key can be added to each repository's Access keys (from the Repository settings page).

You can add the public SSH key to as many repos as you want, and this will give your server read-only access to these repos.

You can find more details here:

2. Another option is to use OAuth, if you CI/CD tool supports that.

You can generate an OAuth consumer from the workspace's Settings, so this is not tied to a specific Bitbucket Cloud account.

You can find more info on OAuth here:

If you have any questions, please feel free to let me know.

Kind regards,
Theodora

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Bitbucket

Powering DevOps with Bitbucket Server & Data Center

Hi everyone, The Cloud team recently announced 12 new DevOps features that help developers ship better code, faster   ! While we’re all excited about the new improvements to Bitbucket ...

2,111 views 0 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you