Force Bitbucket to sign commits with authentication user, so cant pretend to be someone else?

Chris Whitten May 11, 2016

When you do a commit within Git to Bitbucket, it uses your user.name and user.email settings to stamp who authored the commit. We had a client ask a question about is there a way within Bitbucket to also see the authenticated user of who made the commit, so they can't pretend to be someone else?

For example, if normally my user.name is "John Doe" and my user.email setting is "john@doe.com", I could change both to be "Jane Doe" and email "jane@doe.com". When I then do a commit, it will show Jane as the author but where can I see the authenticated bitbucket user info also tied to that commit to verify it was really Jane and not Joe? I know its not under the audit log and it seems like the recent activity shows it, but only for the last few commits. Any way to see for all the commits or on the commit screen for the repo?

 Thank you

1 answer

1 vote
Daniel Wester
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 11, 2016

Not really. It's important to note though that you're talking about core git functionality- not Bitbucket functionality.  

 

That said - take a look at https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work that's probably what you're looking for. 

Chris Whitten May 12, 2016

Thanks Daniel for your reply. Is there a plugin or an easy way to extend Bitbucket for the cloud to do the GPG cert checking for me rather then having to do it by hand for every checkin in the log?

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events