Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Project-level variables

sah-lazos
sah-lazos February 25, 2020

(My first post, please let me know where i can make feature requests!)

Are there any plans to add Project-level variables to Bitbucket Pipelines?

I use variables to configure AWS access keys, and since i develop a lot of microservices it can be a pain to maintain an IAM user for each repository. On the other hand, I don't want to have one set of credentials for my entire Bitbucket team since it is not good practice to have an all-powerful set of credentials that can take down your whole environment if compromised. Was thinking Project-level would be the ideal compromise. 

Answer
Watch
Like # people like this
3287 views

3 answers

3 accepted

1 vote
Answer accepted
Andy - PTC Redundant
Andy - PTC Redundant
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 25, 2020

Nice one @sah-lazos : consider your own answer accepted.

For people who have the same or similar questions, some additional advice:

Always go to https://support.atlassian.com/
In particular click on Suggestions and Bugs: https://jira.atlassian.com/secure/Dashboard.jspa?selectPageId=10440

This is everything and anything to do with Bug fixing of Atlassian Products and Feature requests!

Reply
1 vote
Answer accepted
sah-lazos
sah-lazos February 25, 2020

Will answer my own question: https://jira.atlassian.com/browse/BCLOUD-14959

Reply
0 votes
Answer accepted
sah-lazos
sah-lazos August 24, 2021

As a workaround, i came up with the following script against the Bitbucket API (requires curl and jq, a bitbucket App password associated with your user from your personal settings). This sets (or resets) the same variable on every repo in a project.

The code below sepcifically helps me set AWS credentials, but you could change to any variables

 

#!/bin/bash

API_BASE_URL=https://api.bitbucket.org/2.0

if [ -z "$BBUSERNAME" ]; then
  echo "Missing required environment variable BBUSERNAME"
  exit 1
fi

if [ -z "$BBSECRET" ]; then
  echo "Missing required environment variable BBSECRET"
  exit 1
fi

read -p "Workspace: " API_WORKSPACE
read -p "Project Key: " PROJECT_KEY
read -p "AWS Access Key ID: " AWS_ACCESS_KEY_ID
read -p "AWS Secret Access Key: " AWS_SECRET_ACCESS_KEY

projects=$(curl -s -X GET -u $BBUSERNAME:$BBSECRET "$API_BASE_URL/repositories/$API_WORKSPACE?q=project.key=\"$PROJECT_KEY\"")
nextpage=$(echo $projects | jq -r '.next')

update_variable() {
  repo_slug=$1
  key=$2
  value=$3
  secured=$4
  uuid=$5

  uuid=${uuid:1:36}
  if [ -n "$uuid" ]; then
    curl -s -X PUT -u $BBUSERNAME:$BBSECRET -H 'Content-Type: application/json' \
      "$API_BASE_URL/repositories/$API_WORKSPACE/$repo_slug/pipelines_config/variables/\{$uuid\}" \
      -d "{\"uuid\": \"$uuid\", \"key\": \"$key\", \"value\": \"$value\", \"secured\": $secured }" \
      > /dev/null
  else
    curl -s -X POST -u $BBUSERNAME:$BBSECRET -H 'Content-Type: application/json' \
      "$API_BASE_URL/repositories/$API_WORKSPACE/$repo_slug/pipelines_config/variables/" \
      -d "{\"key\": \"$key\", \"value\": \"$value\", \"secured\" : $secured }" \
      > /dev/null
  fi
}

set_variables() {
  while read -r repo_slug; do
    pipeline_enabled=$(curl -s -X GET -u $BBUSERNAME:$BBSECRET "$API_BASE_URL/repositories/$API_WORKSPACE/$repo_slug/pipelines_config" | jq -r '.enabled')
    if [ "$pipeline_enabled" = "true" ]; then
      echo "Updating variables for $repo_slug"
      variables=$(curl -s -X GET -u $BBUSERNAME:$BBSECRET "$API_BASE_URL/repositories/$API_WORKSPACE/$repo_slug/pipelines_config/variables/")
      access_key_id_var_uuid=$(echo $variables | jq -r '.values[] | select(.key=="AWS_ACCESS_KEY_ID") | .uuid')
      secret_access_key_var_uuid=$(echo $variables | jq -r '.values[] | select(.key=="AWS_SECRET_ACCESS_KEY") | .uuid')
      update_variable $repo_slug "AWS_ACCESS_KEY_ID" $AWS_ACCESS_KEY_ID "false" $access_key_id_var_uuid
      update_variable $repo_slug "AWS_SECRET_ACCESS_KEY" $AWS_SECRET_ACCESS_KEY "true" $secret_access_key_var_uuid
    fi
  done < <(echo $projects | jq -r '.values[] | .slug')
}

set_variables

while [ -n "$nextpage" ]; do
  projects=$(curl -s -X GET -u $BBUSERNAME:$BBSECRET $nextpage)
  nextpage=$(echo $projects | jq -r '.next')
  set_variables
done
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security