
How do I use the new app password for command line Git?

John Ivory February 24, 2022

We have been using command line Git for months, but now apparently have to switch things to using an app password. The instructions for creating an app password were clear enough (https://bitbucket.org/blog/deprecating-atlassian-account-password-for-bitbucket-api-and-git-activity), but it's not at all clear what we're supposed to do with them once generated.

Our team is on Windows, if that matters. We're not using any GUIs or tools... just command line, and we've not had to touch passwords or authentication of any sort since we started. None of us remember the mechanics.

Help?

11 answers

1 accepted

0 votes
Answer accepted
John Ivory February 28, 2022

When it was all said and done, it required that I update the contents of my _netrc file (found in C:\users\account_name\).  

36 votes
Jemerson Damásio
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
April 14, 2022

Honestly, I absolutely hate this app password thing.

HRD
I'm New Here
April 17, 2022

Why I can't upvote this?

sunil August 12, 2022

Likewise.

I could tolerate the requirement to use app passwords if bitbucket provided clear documentation on how to use them. But that clarity is entirely absent.

Additionally, app passwords appear to be absolutely required in cases where they aren't needed at all.

Atlassian has dropped the ball here.

Matt Crysler
I'm New Here
August 12, 2022

Well, I got it to work the only way I could…by storing the app password in the clear in the git config. Certainly not ideal but at least I can use git again.

Like Ralf likes this
Robert Gulde
I'm New Here
December 21, 2022

Did they do this so that you don't expose your bitbucket login (administrative) password to the git application? I think the security risk there is that git could mirror passwords off to hackers.

Assuming a GIT version you received was not through a reputable install system?

17 votes
Ben
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 24, 2022

G'day John!

Once you have generated the App Password in Personal Settings > App Password:

  • Essentially, when connecting via HTTPS you will use your AppPassword alongside your username separated with a ":" character.
  • Therefore if you are authenticating to GIT over HTTPS to push/pull you will need to update your remote URLs to include the App Password:
    git remote set-url origin https://USERNAME:APP_PASSWORD@bitbucket.org/workspaceID/reposlug.git
  • The same applies when performing git clone:
    git clone https://USERNAME:APP_PASSWORD@bitbucket.org/workspaceID/reposlug.git

Hope this helps.
Cheers!

- Ben (Bitbucket Cloud Support)
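Added example (not part of Ben's answer or Atlassian's documentation): `git remote set-url` with `USERNAME:APP_PASSWORD@` in the URL writes the app password into the repository's `.git/config` in clear text, so this shell script finds such URLs and strips the secret while keeping the username. The function names and the sample config are constructed for illustration; it runs in any POSIX shell, including Git Bash on Windows.

```bash
#!/usr/bin/env bash
# Added example: find and remove app passwords embedded in Git remote URLs.
# USERNAME, WORKSPACE, REPO and CONSTRUCTED-SECRET are placeholders.

# Succeed if URL has the form scheme://user:secret@host/...
url_has_secret() {
  printf '%s\n' "$1" | grep -Eq '^[a-z]+://[^/@:]+:[^/@]+@'
}

# Print URL without the secret; the username stays so the credential
# helper can still pick the right account.
scrub_url() {
  printf '%s\n' "$1" | sed -E 's#^([a-z]+://[^/@:]+):[^/@]+@#\1@#'
}

# Read a Git config (file arguments or stdin) and print every url/pushurl
# value that carries a secret, with the secret masked.
audit_config() {
  sed -nE 's#^[[:space:]]*(push)?url[[:space:]]*=[[:space:]]*([a-z]+://[^/@:]+):[^/@]+@#\2:***@#p' "$@"
}

# Rewrite the fetch URL of every remote in repository DIR (requires git).
scrub_remotes() {
  for r in $(git -C "$1" remote); do
    old=$(git -C "$1" remote get-url "$r")
    if url_has_secret "$old"; then
      git -C "$1" remote set-url "$r" "$(scrub_url "$old")"
      echo "scrubbed remote: $r"
    fi
  done
}

# Constructed sample of a .git/config after "git remote set-url".
sample_config() {
  cat <<'EOF'
[remote "origin"]
	url = https://USERNAME:CONSTRUCTED-SECRET@bitbucket.org/WORKSPACE/REPO.git
	fetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
	url = https://USERNAME@bitbucket.org/WORKSPACE/REPO.git
EOF
}

sample_config | audit_config   # lists only the "origin" URL, masked
```

After `scrub_remotes .`, the next fetch or push asks for the app password and hands it to whatever credential helper is configured. An app password that has been sitting in a config file can be revoked and replaced with a new one.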

  

John Ivory February 25, 2022

Well, it helps some, but it's not quite what I was looking for.

Since GIT was set up for us, we've never had to do any sort of authentication. It's all happened somewhat behind the scenes for each of us. All we enter is "git this" or "git that". How do we make this new app password work for us the same way?

artemcs February 27, 2022

Should I store my app password on an arbitrary computer? It is not safe. Why are you forcing us to do this?

 

Please explain if it is possible to continue using Atlassian Git safely on the command line with my password? If not, please report us immediately! We will be moving.

Ben
Atlassian Team
February 27, 2022

Hey John,

The App Password only needs to be configured once in the git remote configuration as described above. Once this has been configured, git pull/push will function as normal and won't need any extra commands to be added.
You will only need to use the App Password explicitly when performing a git clone in the format described above.

The removal of account password usage for Basic authentication when using Git over HTTPS and/or the Bitbucket Cloud REST API is due to Bitbucket Cloud's ongoing effort to align with internal infrastructure and improve Atlassian account security. App passwords are substitute passwords for a user's account and are designed to be used for a single purpose with limited permissions.

By replacing the usage of account passwords with app passwords for Git over HTTPS and/or the Bitbucket Cloud REST API, we are able to improve account security given the fact that app passwords are single-use, have limited permissions, and can be easily and quickly revoked.

I would suggest storing the App Password in a location that is not shared by other users, using a password manager application.

If you do not believe that App Password is secure, you have the option to use SSH for authentication with a keypair instead of a username/password or App Password combination:
https://support.atlassian.com/bitbucket-cloud/docs/configure-ssh-and-two-step-verification/

Hope this helps.

Cheers,

Ben (Bitbucket Cloud Support)

artemcs February 27, 2022
How can I work on other computers?
Like Cory Root likes this
artemcs February 27, 2022
How can I work on other computers? Should I create and save access to my repositories on every other computer? I don't want to do it?
Like Cory Root likes this
Ben
Atlassian Team
February 28, 2022

Hey John,

To work on other PCs you will indeed need to save configuration on these machines to do so. This is because the local configuration on any given PC first needs to know how to locate the repository you are connecting to and which authentication method to use.

For HTTPS you will need to update the remote URLs as specified above.

For SSH, you will need to transfer your private/public key files to this new pc. SSH allows you to secure the keys with a passcode however, which will prevent unauthorized access by other users unless they know what this passcode is.
To move an SSH key you simply need to move the ~/.ssh folder to the new machine and run the ssh-add command to load this into your ssh-agent.
More information here:
https://support.atlassian.com/bitbucket-cloud/docs/set-up-an-ssh-key/ 

If you were to move to a new PC even using the old username/password basic auth method, you would still need to configure the remote URLs so git would know where to communicate with the repository, as aforementioned above.
For your use case, I believe SSH is the most viable as the passphrase adds an extra layer of security similar to the basic password you were using previously to authenticate.

Cheers!

- Ben (Bitbucket Cloud Support)

Like Felipe Vieira Cortes likes this
Tech Support
I'm New Here
May 3, 2022

I tried Ben's recommendation, but I still receive an error when cloning: "The requested repository either does not exist or you do not have access...".

I did verify that my App Password has all privileges checked.

I also tried with credential manager turned off completely. And I can connect just fine with GitHub Desktop, however. :/

Tech Support
I'm New Here
May 3, 2022

Update: Got it going by using jopauljn's advice: Use WORKSPACE in repo path, not username as shown in Ben's comment.

So... my advice is to be very careful to use Username (not App Label) colon App Password (not username's password), and use Workspace in repo path, not Username.

Jonathan Crossland
I'm New Here
May 17, 2023

Who makes decisions for this kind of stuff there at Atlassian? You are going down stupid rabbit holes.

3 votes
muller_b
I'm New Here
May 4, 2022

Wow, how bad that is! We are forced to keep an authentication key locally! Or how to reverse the progress.

If at least, we could define the app password and not generate it...

I hope we all find another repo provider.

3 votes
jopauljn
I'm New Here
April 22, 2022

Hey this helped me to clear authentication for doing Git ops like "git pull origin master"

git remote set-url origin https://USERNAME:APP_PASSWORD@bitbucket.org/WORKSPACE/REPO.git

Refer to the below article for more clarity!

https://community.atlassian.com/t5/Bitbucket-articles/Announcement-Bitbucket-Cloud-account-password-usage-for-Git-over/ba-p/1948231

akwehive
I'm New Here
May 4, 2022

This worked for me! Thanks so much @jopauljn 

raj_p
I'm New Here
June 25, 2022

fyi, if you're having trouble finding your WORKSPACE, navigate to the url of your repository, for me it was the same as my username ie:

https://bitbucket.org/WORKSPACE/REPO/src/master/

3 votes
progonkpa
I'm New Here
April 5, 2022

I don't want to use these app passwords.
Atlassian / Bitbucket scored massive bad points on this one for me.

My gut is telling me bad intent involved, most likely in the realm of more control for them, tracking, locking people out in the future and so on.

Aleksey Suvorov May 19, 2022

Atlassian, good job on screwing up my productive day. Waste of time! 

2 votes
baruch23
I'm New Here
May 6, 2022

So the "password" is stored in clear text ??

WOW

Sounds like a very good reason to finally do the migration to github.

0 votes
john_abraham_hba June 9, 2022

I found that allowing Windows to prompt for a password would 100% not accept the App password (nor the user password, obviously, since user passwords are no longer accepted...)

The only thing that worked was putting the app password into the url:

 

https://GIT_USER:APP_PASSWORD@...

 (Not required on Linux or MacOS).

0 votes
W_ AdT May 30, 2022

Of coz, we all know that saving a string of meaningless garbage in local can make your account safer.

But as a human being, I still prefer passwords in my brain with a 2FA, or more customizable app password

0 votes
Aleksey Suvorov May 19, 2022

Atlassian, good job on screwing up my productive day. Waste of time! 
Everything stopped working on the build server. We can't release our software!
Where are the plain step-by-step instructions??? Why I should hunt for it? What a mess!  

Aleksey Suvorov May 19, 2022

This is what you need to do for migration:

1. Generate AppPassword in personal settings per Atlassian instructions.
2. Delete the existing repository local folder.
3. Run: git clone https://your_user@bitbucket.org/your_org/your_repo.git
When it prompts with a login dialog, provide the AppPassword from step 1.

Like Annarita Buonaura likes this
Matt Crysler
I'm New Here
August 12, 2022

So what happens, as is the case with me, when you have a bunch of local changes that you are trying to push but are suddenly faced with the "Fatal task" error message, indicating an app password is required? I set up an app password and tried to do the push, was prompted for my password but the app password didn't work. 

Like apersaud12 likes this
0 votes
muhammadsohaibgondal
I'm New Here
April 5, 2022

We did set up a new SSH key locally. And saved the pub key in public. Now, when we try to clone the repo, it shows the following error.

The requested repository either does not exist or you do not have access. If you believe this repository exists and you have access, make sure you're authenticated.
fatal: Could not read from remote repository.

As, we are sure that the repository exists and ssh agent has loaded the key too. But still cloning is not working. 

Ben
Atlassian Team
April 18, 2022

Hi there,

I would recommend referring to our documentation for troubleshooting this further - this will provide steps to try for common issues:
https://support.atlassian.com/bitbucket-cloud/docs/troubleshoot-ssh-issues/

Cheers!

- Ben (Bitbucket Cloud Support)
