Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,465,582
Community Members
 
Community Events
176
Community Groups

App Passwords

We're looking to use App Passwords for our CI/CD pipelines to pull code from bitbucket cloud but we're unsure about a particular use case. I am a CloudOps engineer who generates an App Password for teamcity to clone repos from Bitbucket cloud. What happens to my app passwords should I leave the company and my account is removed? Are the app passwords removed too?

Alternatively, we would setup a service account with an email address for the service, teamcity in our case. Then we would create a bitbucket account for this email address and setup App Passwords under that account. Is this permitted by bitbucket cloud?

1 answer

0 votes

Hi @nmoore  and welcome to the community!

An app-password is associated with a certain Bitbucket Cloud account. So, if the account gets deleted, deactivated or its access from the company's repos is removed, then HTTPS authentication with this account won't work.

It is perfectly fine to create another Bitbucket Cloud account as a service account, with an email address that is not tied to a specific individual. Please keep in mind though that you'll need to add this account to the company's workspace, and it will count towards the workspace's users. If you have a paid plan, this means that you'll pay for one extra user.

Some additional options, instead of that, are the following:

1. Use access keys, if you CI/CD tool supports that.

You generate an SSH key pair, the private SSH key should exist on your CI/CD server, and the public key can be added to each repository's Access keys (from the Repository settings page).

You can add the public SSH key to as many repos as you want, and this will give your server read-only access to these repos.

You can find more details here:

2. Another option is to use OAuth, if you CI/CD tool supports that.

You can generate an OAuth consumer from the workspace's Settings, so this is not tied to a specific Bitbucket Cloud account.

You can find more info on OAuth here:

If you have any questions, please feel free to let me know.

Kind regards,
Theodora

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events