Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to clone repository with submodules with APP password authentication?


I am trying to clone a repository with submodules via this command:

git clone --recurse-submodules

And the following error occurs:

Cloning into 'repo'...
Password for '':
remote: You'll need to authenticate with a valid app password. You can create an app password from your account at
fatal: unable to access '': The requested URL returned error: 403

I have tried providing the password in the command (i.e.

git clone --recurse-submodules

) and cloning via ssh. Both of these WORK for the main repo, but not for the submodules (which are set with http urls in .gitmodules). WITHOUT updating the .gitmodules, is there any way to clone the repository together with submodules?

1 answer

1 accepted

0 votes
Answer accepted

Hi @Vlad Griguta and welcome to the community.

I have tried cloning a repo of mine with submodules with the command you are using:

git clone --recurse-submodules

and I see no issues, the submodule was cloned as well. I suspect the error may be related to (possibly incorrect) credentials that are stored in your local credential manager.

Could you try clearing all Bitbucket Cloud credentials stored in your computer's credential manager and give it another try?
Also, just to be sure, does the URL of the submodules in your .gitmodules file have the following format?

Kind regards,

Hi @Theodora Boudale, and thanks for your reply.

Firstly, I suspect your Bitbucket account was created prior to Sep 13 2021. As I understand from this post (, authenticating over HTTPS with the Atlassian password has been deprecated for new users like myself. Hence, to reproduce my error one would have to create a new Bitbucket account and try to clone a repository.

I confirm that the format of submodules in .gitmodules matches yours. I am confident that these are correct, as they are used by other team members.

To be more specific, what is not clear to me from the aforementioned post on the login deprecation is how are we supposed to work with submodules via HTTPS. I understand how to clone the parent repository, and the following command does work:

git clone

However, if logging in is only available via app passwords, how could I persist the APP_PASWORD in the cloning of submodules? Is there a way to maybe set this as a global git credential that is added to the call when option --recurse-submodules is used?

Hi @Vlad Griguta,

You are right, if your Bitbucket Cloud account was created after 13th September 2021, you will need to use an app-password instead of the Atlassian account's password when you clone/pull/push via HTTPS.

However, the deprecation of Atlassian account passwords doesn't have anything to do with persisting passwords: a credential manager should be able to store an app-password (after you use it for the first time) the same way that it stores a password.

Could you please let me know the following, so I can better help you?

1. What operating system are you working on?

2. Do you see any output if you run the following commands?

git config --system credential.helper
git config --global credential.helper

These will show if a credential helper has been set up for all users or for your user on your machine.

Kind regards,

Hi @Theodora Boudale

Using a credential manager should work, thanks for suggesting.

1. Ubuntu 18.04.6 LTS

2. There is no credential helper set up for system or global.

Could you help setting that up?

Many thanks,

Hi Vlad,

There are several options for Linux systems:

1. You can use “cache” which keeps credentials in memory for a certain period of time:

git config --global credential.helper cache

Credentials are not stored on disk, but they are removed after a certain period of time.
The default is 15 minutes, but you can configure it to another value, see the link below for more details in the Git Book:

2. The second option, which is also mentioned in the link above, is to store credentials in a certain file on your machine:

git config --global credential.helper 'store --file ~/.my-credentials'

The credentials will not expire/be removed like with the 'cache' option. However, the downside of this approach is that they are stored in plain text.

3. You could also install any other credential helper available for Linux, e.g. the following:

Kind regards,

Like Vlad Griguta likes this

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Bitbucket

📣 Calling Bitbucket Data Center customers to participate in research

Hi everyone, Are you Bitbucket DC customer? If so, we'd love to talk to you! Our team wants to dive deep to understand your long-term plans regarding Bitbucket DC and Atlassian Cloud. Do you plan...

221 views 2 5
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you