Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Confused about Bitbucket account and branch permission

Bitwise DEVS
Bitwise DEVS January 15, 2022

I am a bit confused with using Bitbucket. I have two working emails:

first_email@gmail.com - registered in Bitbucket by Signing with Gmail. Account that holds the repositories.

second_email@gmail.com. - registered in Github, used when pushing commits.

When I edit a file in my repo directly, create branch, or pull request via Bitbucket Cloud. I can see that the author is the first_email.

When developing and pushing commits from work laptop, I see that the author is second_email.

Before when my repositories do not have SSH setup, its asking Git account credential on every push and I am using second_email ever since. But after setting SSH it no longer ask for credentials.

Note:

The way I install git is via GitHub desktop and logged in using second_email.

My question are:

1. Why does my Git credential when pushing no longer being requested after setting SSH? Why is second_email automatically used when doing push? Is it because of Github desktop?

2. Can I also use first_email when pushing commits? Is Bitbucket account similar with a Github account in a sense that we can use it for pushing/commits as well? If yes, then what will be the account credential since it is password less as it was created via Gmail.

3. I tried exploring Branch permission as I want to prevent any direct push on master/main and release/* branches. I will only allow these two branches to be updated via merge on pull request using first_email with Bitbucket Cloud. Then branches like feature, hotfix, bugfix, or develop will allow pushes on everyone that has access to the private repo.

Screenshot 2022-01-15 214711.png

On release/* if I do not set first_email for write access, I will not be able to branch out from branches like hotfix or feature. But doing so allows me to direct push on release/* using second_email. Why is this happening, I expect that second_email should not be able to do direct push since I only set first_email which is Bitwise Devs?

Answer
Watch
Like Be the first to like this
397 views

1 answer

2 votes
Caroline R
Caroline R
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 21, 2022

Hi,  @Bitwise DEVS, thank you for reaching out to Atlassian Community.

Based on your description, this behavior seems to be related to your setup on git config

Just to give you some context around this, credentials and commit authors are two separate concepts and are unrelated to each other. When a push is made to Bitbucket, we receive your credentials and check if the provided credentials are able to push to the repository you are trying to. If the HTTPS or SSH credentials are correct and are authorized, the push is performed, otherwise, it will fail. This is what we use to check authorization and confirm if the user who is pushing to Bitbucket is who they say they are.

The commit author, which is a different configuration from your credentials, is not checked on push time, and this is expected. What you see on the commits page is this configuration coming from Git, and not the credentials used to authenticate against Bitbucket.

In order to check that, you can run the following commands to see which account is configured on git:

$ git config --global --list

$ git config --local --list

Just to clarify, in order to set the username and email on Git, you can run these commands:

#Set your username:
git config --global user.name "FIRST_NAME LAST_NAME"

#Set your email:
git config --global user.email "MY_NAME@example.com"

Now, answering your question about Git credential no longer asking you to inform a password when pushing new information (after setting SSH):

When using SSH, Git won't ask you for your username and password. Git might ask you to enter the passphrase for the SSH key. However, it will not ask for your passphrase if:

  • You haven’t set a password for this SSH key;

  • You configured your git to not ask for your passphrase (check the session Add the key to the ssh-agent here Set up an SSH key to understand how to configure this)

And, responding to your question about branch permissions, you mentioned that Bitbucket is allowing you to push to release/* using second_email. This is happening because, as I mentioned above, when you push new changes to your repo, Bitbucket receives your credentials and check if the provided credentials are linked to a user who is authorized to push to this repository. 

Besides that, I would like to inform you that in case you don’t want to use an SSH key, you can change your method to HTTPS and create an App password to authenticate.

I hope this helps, but do let me know if you have any questions. 

Kind regards,
Caroline

View More Comments
Bitwise DEVS
Bitwise DEVS January 21, 2022

Good day @Caroline R ,

Thank you for a detailed answer, however I still got question.

1. Can I use my Bitbucket account for Git credential when pushing just like how I use my Github when using HTTPS? It was register with Sign in via Gmail/Google thus I do not know how and what to provide on password.

2. Does having SSH setup means that every access like push, pull, etc. will check its credibility based on public key that was added in SSH settings and no not with Git credential which is being use with HTTPS?

 

Also why am I seeing first_email in the pipelines

Screenshot 2022-01-22 102001.png

But the author of commit that triggers it is second_email

Screenshot 2022-01-22 102118.png

Like
Caroline R
Caroline R
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 28, 2022

Hi, @Bitwise DEVS

Allow me to reply to each of your questions directly and feel free to share any further concerns about the information I will share with you. 

1. Can I use my Bitbucket account for Git credential when pushing just like how I use my Github when using HTTPS? It was register with Sign in via Gmail/Google thus I do not know how and what to provide on password.

As you confirmed you access your account using the Gmail option (which means you don’t use a Bitbucket password), in order to perform actions that required a password on the terminal (when using the HTTPS method), you can use an App Password to authenticate. You can follow the steps described on this documentation to create this app password:

2. Does having SSH setup means that every access like push, pull, etc. will check its credibility based on public key that was added in SSH settings and no not with Git credential which is being use with HTTPS?

In order to authenticate your git operations, you can use either HTTPS or SSH. If you have configured your git to use SSH, then Git will check if your SSH is valid and has access to the repository. If you use the HTTPS method, then you will need to inform a password to authenticate (an app password, as described in the last question). In order to check and update the URL of your Git repositories to change the method you are using to authenticate, you can follow the next steps:

1. From a terminal, navigate to the repository:

 $ cd ~/<path_to_repo>

2. Run git remote -v to see the current remote URL: 

$ git remote -v
origin https://emmap1@bitbucket.org/tutorials/tutorials.git.bitbucket.org.git (fetch)
origin https://emmap1@bitbucket.org/tutorials/tutorials.git.bitbucket.org.git (push)

Update the remote URL with git remote set-url using the new remote URL: 

$ git remote set-url origin https://{your_username}@bitbucket.org/{workspace_ID}/{repository_name}.git

You can read more about Git repository URL formats here:

3. Also why am I seeing first_email in the pipelines but the author of commit that triggers it is second_email

This is expected as the author of the commit will be the user set in your local Git configurations, but in Pipelines, it will show the authorized user in your repository.

In summary, currently, users can make changes to their local Git configuration to use a different username and email that is different than their primary Atlassian/Bitbucket Cloud email, and if the email used in their local Git configuration is not set as an email alias on Bitbucket Cloud, the commits they push will not be linked to any accounts. We already have a feature request to prevent unmapped users from pushing as you can see here: 

I hope this clarifies the situation, but please don't hesitate to ask for any further information if needed.

Kind regards,
Caroline 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events