Trouble with SSH and Bitbucket Pipelines


I am having difficulty trying to configure my pipeline with bitbucket repo using SSH. As per the documentation (, I've generated a SSH key pair for the bitbucket repository in question.

The basic workflow via the yml is as follows:

- clone the bitbucket repo (this seems to happen by default in the "Build Setup" step and works fine)

- fetch and checkout master (this fails at the git fetch command with "permission denied (publickey)" message

- get config changes from salesforce org (this part works fine in isolation)

- commit changes to master branch (haven't been able to get here yet...)

Sample yml here:


    - step:

          # commit message
          - commitmsg="Latest PROD changes committed to master branch"
          # Set up repo and checkout master
          - git remote set-url origin$BITBUCKET_REPO_OWNER/$BITBUCKET_REPO_SLUG.git
          - git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/*
          - git fetch
          - git checkout master

          #- echo "getting latest changes from PROD..."
          - ant -buildfile build/build.xml getCode -Dsf.username=$SF_USERNAME -Dsf.password=$SF_PASSWORD -Dsf.serverurl=$SF_SERVERURL$BUILD_DIR

          # Commit any changes to master
          - git add src/*
          - git config "$GIT_USERNAME"
          - git config "$GIT_EMAIL"
          - if [[ -n $(git status -s) ]] ; then filelist=`git status -s` ; git commit -a -m "$commitmsg" -m "$filelist" ; git push origin master:master ; else echo "No changes detected"; fi



My confusion comes with how to use the above-generated SSH key pair with this configuration - this method seems to be quite new and the documentation is lacking (I'm finding a lot of dead confluence links.....). 

There is a previous answered post that covers manually creating the SSH key pairs and using environment variables here - ( but is this still relevant now that the SSH keys are generated through the pipelines UI?

Any help here would be greatly appreciated!

1 answer

1 accepted

1 votes


Hi Ben,

The generated SSH keys for Pipelines are not automatically set up to be able to have access to your repository, which is why you are running into these issues. You will need to give the generated SSH key access to your repository, in a similar way to other SSH keys:

Now you should be able to access your Bitbucket repository from Pipelines.

May I also suggest some additional changes:

1. Since Bitbucket Pipeline automatically clones the repository, you don't need to do that yourself.

2. In your bitbucket-pipelines.yml, you can specify that your pipeline runs only when master branch changes (right now it will trigger for *any* commit pushed, regardless of the branch it is on). You can configure this with the branch feature:

3. Add the string "[skip ci]" to your commit message in your pipeline, to prevent it from triggering another pipeline:



Thanks Phil, much appreciated.

We managed to come to the same conclusion - adding the Public SSH Key to the user settings under "Security > SSH Keys" has resolved the issue.

At this stage, the pipeline exists only to detect changes made directly into our production Salesforce org and commit these to the repo as an "audit trail" of sorts. As we expand the use to include migration of downstream changes to repo/sandbox, we will look at enhancing the pipeline workflow.

And thanks for the tip regarding [skip ci] - it works like a charm!



Suggest an answer

Log in or Join to answer
Community showcase
Piotr Plewa
Published Dec 27, 2017 in Bitbucket

Recipe: Deploying AWS Lambda functions with Bitbucket Pipelines

Bitbucket Pipelines helps me manage and automate a number of serverless deployments to AWS Lambda and this is how I do it. I'm building Node.js Lambda functions using node-lambda&nbsp...

662 views 0 4
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot