Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,457,608
Community Members
 
Community Events
176
Community Groups

Confused about Bitbucket account and branch permission

Edited

I am a bit confused with using Bitbucket. I have two working emails:

first_email@gmail.com - registered in Bitbucket by Signing with Gmail. Account that holds the repositories.

second_email@gmail.com. - registered in Github, used when pushing commits.

When I edit a file in my repo directly, create branch, or pull request via Bitbucket Cloud. I can see that the author is the first_email.

When developing and pushing commits from work laptop, I see that the author is second_email.

Before when my repositories do not have SSH setup, its asking Git account credential on every push and I am using second_email ever since. But after setting SSH it no longer ask for credentials.

Note:

The way I install git is via GitHub desktop and logged in using second_email.

My question are:

1. Why does my Git credential when pushing no longer being requested after setting SSH? Why is second_email automatically used when doing push? Is it because of Github desktop?

2. Can I also use first_email when pushing commits? Is Bitbucket account similar with a Github account in a sense that we can use it for pushing/commits as well? If yes, then what will be the account credential since it is password less as it was created via Gmail.

3. I tried exploring Branch permission as I want to prevent any direct push on master/main and release/* branches. I will only allow these two branches to be updated via merge on pull request using first_email with Bitbucket Cloud. Then branches like feature, hotfix, bugfix, or develop will allow pushes on everyone that has access to the private repo.

Screenshot 2022-01-15 214711.png

On release/* if I do not set first_email for write access, I will not be able to branch out from branches like hotfix or feature. But doing so allows me to direct push on release/* using second_email. Why is this happening, I expect that second_email should not be able to do direct push since I only set first_email which is Bitwise Devs?

1 answer

2 votes
Caroline R Atlassian Team Jan 21, 2022

Hi,  @Jensen Louise Lim, thank you for reaching out to Atlassian Community.

Based on your description, this behavior seems to be related to your setup on git config

Just to give you some context around this, credentials and commit authors are two separate concepts and are unrelated to each other. When a push is made to Bitbucket, we receive your credentials and check if the provided credentials are able to push to the repository you are trying to. If the HTTPS or SSH credentials are correct and are authorized, the push is performed, otherwise, it will fail. This is what we use to check authorization and confirm if the user who is pushing to Bitbucket is who they say they are.

The commit author, which is a different configuration from your credentials, is not checked on push time, and this is expected. What you see on the commits page is this configuration coming from Git, and not the credentials used to authenticate against Bitbucket.

In order to check that, you can run the following commands to see which account is configured on git:

$ git config --global --list

$ git config --local --list 

Just to clarify, in order to set the username and email on Git, you can run these commands:

#Set your username:
git config --global user.name "FIRST_NAME LAST_NAME"

#Set your email:
git config --global user.email "MY_NAME@example.com"

Now, answering your question about Git credential no longer asking you to inform a password when pushing new information (after setting SSH):

When using SSH, Git won't ask you for your username and password. Git might ask you to enter the passphrase for the SSH key. However, it will not ask for your passphrase if:

  • You haven’t set a password for this SSH key;

  • You configured your git to not ask for your passphrase (check the session Add the key to the ssh-agent here Set up an SSH key to understand how to configure this)

And, responding to your question about branch permissions, you mentioned that Bitbucket is allowing you to push to release/* using second_email. This is happening because, as I mentioned above, when you push new changes to your repo, Bitbucket receives your credentials and check if the provided credentials are linked to a user who is authorized to push to this repository. 

Besides that, I would like to inform you that in case you don’t want to use an SSH key, you can change your method to HTTPS and create an App password to authenticate.

I hope this helps, but do let me know if you have any questions. 

Kind regards,
Caroline

Good day @Caroline R ,

Thank you for a detailed answer, however I still got question.

1. Can I use my Bitbucket account for Git credential when pushing just like how I use my Github when using HTTPS? It was register with Sign in via Gmail/Google thus I do not know how and what to provide on password.

2. Does having SSH setup means that every access like push, pull, etc. will check its credibility based on public key that was added in SSH settings and no not with Git credential which is being use with HTTPS?

 

Also why am I seeing first_email in the pipelines

Screenshot 2022-01-22 102001.png

But the author of commit that triggers it is second_email

Screenshot 2022-01-22 102118.png

Hi, @Jensen Louise Lim

Allow me to reply to each of your questions directly and feel free to share any further concerns about the information I will share with you. 

1. Can I use my Bitbucket account for Git credential when pushing just like how I use my Github when using HTTPS? It was register with Sign in via Gmail/Google thus I do not know how and what to provide on password.

As you confirmed you access your account using the Gmail option (which means you don’t use a Bitbucket password), in order to perform actions that required a password on the terminal (when using the HTTPS method), you can use an App Password to authenticate. You can follow the steps described on this documentation to create this app password:

2. Does having SSH setup means that every access like push, pull, etc. will check its credibility based on public key that was added in SSH settings and no not with Git credential which is being use with HTTPS?

In order to authenticate your git operations, you can use either HTTPS or SSH. If you have configured your git to use SSH, then Git will check if your SSH is valid and has access to the repository. If you use the HTTPS method, then you will need to inform a password to authenticate (an app password, as described in the last question). In order to check and update the URL of your Git repositories to change the method you are using to authenticate, you can follow the next steps:

1. From a terminal, navigate to the repository:

 $ cd ~/<path_to_repo>

2. Run git remote -v to see the current remote URL: 

$ git remote -v
origin https://emmap1@bitbucket.org/tutorials/tutorials.git.bitbucket.org.git (fetch)
origin https://emmap1@bitbucket.org/tutorials/tutorials.git.bitbucket.org.git (push)

Update the remote URL with git remote set-url using the new remote URL: 

$ git remote set-url origin https://{your_username}@bitbucket.org/{workspace_ID}/{repository_name}.git

You can read more about Git repository URL formats here:

3. Also why am I seeing first_email in the pipelines but the author of commit that triggers it is second_email

This is expected as the author of the commit will be the user set in your local Git configurations, but in Pipelines, it will show the authorized user in your repository.

In summary, currently, users can make changes to their local Git configuration to use a different username and email that is different than their primary Atlassian/Bitbucket Cloud email, and if the email used in their local Git configuration is not set as an email alias on Bitbucket Cloud, the commits they push will not be linked to any accounts. We already have a feature request to prevent unmapped users from pushing as you can see here: 

I hope this clarifies the situation, but please don't hesitate to ask for any further information if needed.

Kind regards,
Caroline 

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events