Do repo pipeline SSH public keys need to be added explicitly to a remote repo for access?


Hi team,

Within our Bitbucket Cloud workspace I have several repos which use pipelines to access another repo in the same workspace, for example...

 

definitions:
  steps:
    - step: &clean_build_branch
        name: Clean build branch
        script:
          - git archive -o a_file.tar --remote=git@bitbucket.org:xxxx/yyyy.git HEAD bin/a_file.txt

Until now no explicit SSH keys have been defined in the remote repo:

Screenshot 2023-10-31 122440.png

For existing repos trying to access this remote repo I am able to execute pipeline commands such as a remote git archive function mentioned above.

Furthermore, if I try to add the public SSH key of the repo to the Security->Access keys of the remote repo I see an error message implying that the key exists already (in ~/.ssh/authorized_keys I assume) - '..... Please use a unique SSH key':

Screenshot 2023-10-31 122322.png

... this explains why the git archive remote command works (as the public SSH key is present on the remote repo). All good.

However, I have found that when creating new repos that I need to explicitly add the public SSH keys to the remote repo using Security->Access keys to allow remote git functions to work.

Within the same Bitbucket Cloud environment I wondered if I am missing some configuration that allows a repo public SSH key to be automatically available to all other repos in the same Workspace, or whether this behaviour, whereby a key must be copied into the remote repo Access keys, is expected due to a recent change in how public SSH keys within the same Workspace are shared - perhaps this is a feature that has been deprecated in favour of explicit public SSH key definition?

 

Sincerely, Tim

1 answer

1 accepted

1 vote
Answer accepted
Theodora Boudale
Atlassian Team
Nov 01, 2023

Hi Tim!

If you want to perform an operation via SSH in repo B during a pipeline that runs in repo A, then you need to set up SSH access; this is expected behavior. Adding the SSH key to the Access keys of repo B is one option. There are other options:

1. Instead of adding the public SSH key to the repo's Access keys, you could add it to a project's Access keys (if you are a project or workspace admin). On the Bitbucket website, select Projects from the menu at the top (while viewing your workspace) > select a project > select Project settings > select Access keys.

Adding the key there will grant read-only access via SSH to all repos of that specific project during a build in repo A, without the need to add the key to every single repo of the project.

2. You could also add the public SSH key to the workspace's SSH keys (if you are a workspace admin) from Workspace settings > SSH keys. Please be mindful though that workspace SSH keys provide read-write access to all of the workspace's repos, which means that any developer with write access to repo A could edit its pipeline and push to any repo of the workspace.

These other two options may provide access to more repos than you actually need.

Please feel free to let me know if you have any questions!

Kind regards,
Theodora

Hi @Theodora Boudale, thank you very much for the clear answer - that's great!

Many thanks, Tim
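
The trade-off between the three key placements in the answer, as an added example that is not part of the original thread or Atlassian's code: a small Python model that computes what a pipeline key can reach under each option and picks the one with the least excess access. The workspace layout and repo names are constructed, and repository Access keys are treated as read-only, like the project Access keys the answer describes.

```python
# Added example. WORKSPACE and its repo names are constructed sample data.
WORKSPACE = {"platform": ["build-tools", "infra"], "apps": ["web", "api"]}
RANK = {None: 0, "read": 1, "write": 2}

def grants(scope, target=None):
    """Return {repo: mode} granted by registering the pipeline key at one scope."""
    if scope == "repo":       # repository Access keys: assumed read-only, one repo
        return {target: "read"}
    if scope == "project":    # project Access keys: read-only, all repos in project
        return {r: "read" for r in WORKSPACE[target]}
    if scope == "workspace":  # workspace SSH keys: read-write, every repo
        return {r: "write" for repos in WORKSPACE.values() for r in repos}
    raise ValueError(f"unknown scope: {scope}")

def audit(placements, needed):
    """Compare effective access with `needed` ({repo: mode}).

    Returns (missing, extra): repos the pipeline still cannot use as needed,
    and (repo, mode) pairs granted beyond what it needs.
    """
    effective = {}
    for scope, target in placements:
        for repo, mode in grants(scope, target).items():
            if RANK[mode] > RANK[effective.get(repo)]:
                effective[repo] = mode
    missing = sorted(r for r, m in needed.items() if RANK[effective.get(r)] < RANK[m])
    extra = sorted((r, m) for r, m in effective.items() if RANK[m] > RANK[needed.get(r)])
    return missing, extra

def narrowest(needed):
    """Return (option, extra) for the viable placement with the least excess access."""
    project_of = {r: p for p, repos in WORKSPACE.items() for r in repos}
    options = {
        "repo": [("repo", r) for r in needed],
        "project": [("project", p) for p in sorted({project_of[r] for r in needed})],
        "workspace": [("workspace", None)],
    }
    viable = {}
    for name, placements in options.items():
        missing, extra = audit(placements, needed)
        if not missing:
            viable[name] = extra
    return min(viable.items(), key=lambda kv: len(kv[1]))

if __name__ == "__main__":
    print(narrowest({"build-tools": "read"}))   # read from one repo, as with git archive
    print(narrowest({"build-tools": "write"}))  # in this model only the workspace key writes
```

The `extra` list is the review artifact: every entry is access that a developer who can edit repo A's pipeline gains without needing it.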
