It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How do I generate an App password for a team so that I can copy artifacts to a download section? Edited

I'm using Bitbucket pipelines to build the code in a repository and then deploy artifacts to the repository download section.

The repo is owned by a team, not my individual user id. (My user id has write permission, however.)

The pipelines documentation at https://confluence.atlassian.com/bitbucket/deploy-build-artifacts-to-bitbucket-downloads-872124574.html says that in order to copy the artifacts to the Download section I need an environment variable with two parameters:

"username - Bitbucket username of the repository owner (and also the user who will upload the artifacts)

password - App password as generated by bitbucket"

I'm confused about this because the repository "owner" (?) is the team, not me.

Also, there is no way (that I can see) to generate an App password from a team's settings options.

What App password and user name should I use for this?

 

2 answers

0 votes

 

Hi Ann! An App Password can be created by a user who has Admin rights over the repo or Team. If you're an admin for that team you can create an App password using your individual Bitbucket account and use it for the team. Otherwise, if you're a normal user, you'll need to contact one of the admins to follow the steps at App passwords

Hope this helps!

Ana

Hi Ana,

Quick followup question:

To use Bitbucket pipelines to build code in a team-owned repository, I need to create an environment variable

BB_AUTH_STRING

which should be:

username:app-password

The documentation for pipelines says "username" should be the owner of the repository. However, in the case of a team-owned repository, the "owner" (a team) can't create App Passwords.

So instead, I should create an "App password" using an ordinary user account and use that user's id and app password?

e.g.,

team-member:app-password

Is this correct?

(That's what I did, and it's working fine, so I assume I've got it right. Just wanted to confirm with an expert!)

Best wishes,

A.

Yes Ann, that is correct :) However, keep in mind that the user need to have Admin rights for that team. Let us know if you have any other questions!

Have a nice day,

Ana

If you use the app password in a way that's visible to other members of your team -- in this example, within a pipeline script that uploads an artifact to 'downloads' -- wouldn't this give other users on the team API access to the private repositories on your user account (including those not owned by said team) or perhaps even separate teams that you're a member?

There's even a note that advises against this in the app passwords doc:

"App passwords are tied to an individual account's credentials and should not be shared. If you're sharing your app password you're essentially giving direct, authenticated, access to everything that password has been scoped to do with the Bitbucket API's."

I don't understand why this would be the recommended solution for uploading pipeline artifacts in a team setting unless you trust everyone on your team with API access to your repos.  Or if you have multiple Bitbucket accounts and keep your 'team' stuff totally isolated from other teams/personal usage.

0 votes

In case anyone still needs help on this. Generate the App Password with the admin user account (admin to the team) as suggested in the thread. However, send the request with that username as well (do NOT use the team username).

BB_AUTH_STRING = "adminUser:adminAppPassword"

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published Mar 14, 2019 in Bitbucket Pipelines

Building a Bitbucket Pipe as a casual coder

...ipe.sh :  #!/bin/bash source "$(dirname "$0")/common.sh" enable_debug extra_args="" if [[ "${DEBUG}" == "true" ]]; then extra_args="--verbose" fi # mandatory variables R...

1,042 views 1 16
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you