How can I audit that GPG keys are required on a Bitbucket repository?

Neil Hunt January 15, 2025

Our security team is interested in verifying that we are requiring a GPG key on our repositories. To produce this report, I wanted to query the repository; however, I do not see a property returned related to this. Is there any way to query the state of this configuration setting?

2 answers

0 votes
Theodora Boudale
Atlassian Team
January 17, 2025

Hi Neil and welcome to the community!

The API endpoint you provided (https://developer.atlassian.com/cloud/bitbucket/rest/api-group-repositories/#api-repositories-workspace-repo-slug-get) returns this property; its name is enforced_signed_commits. Its value can be true, false, or null if it has never been enabled.

You can also use the following API endpoint to get this info for all repositories of a workspace (the result can be narrowed down based on the authenticated user's role):

You can also request a partial response so that the call returns only repo names and this property. An example with curl is the following:

curl -u username:app-password --request GET \
--url 'https://api.bitbucket.org/2.0/repositories/workspace-id?fields=values.name,values.enforced_signed_commits' \
--header 'Accept: application/json'

In bold are the values that you need to replace with your own.

Please feel free to reach out if you have any questions!

Kind regards,
Theodora
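
An added example, not part of the answer above or Atlassian's own code: a Python audit that walks every page of the workspace listing and groups repositories by the state of enforced_signed_commits (true, false, null, or absent). The function names, the pagelen=100 parameter, the extra `next` field and the sample repository names are assumptions made for this illustration; `fetch_pages` takes the same workspace, username and app password as the curl call.

```python
import base64
import json
import urllib.request

# "next" is requested explicitly so the pagination link survives the field filter.
FIELDS = "next,values.name,values.enforced_signed_commits"
MISSING = object()  # property absent from the response (distinct from JSON null)

def fetch_pages(workspace, username, app_password):
    """Yield every page of the workspace repository listing, following 'next'."""
    token = base64.b64encode(f"{username}:{app_password}".encode()).decode()
    url = (f"https://api.bitbucket.org/2.0/repositories/{workspace}"
           f"?pagelen=100&fields={FIELDS}")
    while url:
        req = urllib.request.Request(url, headers={
            "Authorization": f"Basic {token}", "Accept": "application/json"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            page = json.load(resp)
        yield page
        url = page.get("next")  # absent on the last page

def audit(pages):
    """Group repository names by the state of enforced_signed_commits."""
    report = {"enforced": [], "disabled": [], "never_enabled": [], "unknown": []}
    for page in pages:
        for repo in page.get("values", []):
            state = repo.get("enforced_signed_commits", MISSING)
            if state is True:
                bucket = "enforced"
            elif state is False:
                bucket = "disabled"
            elif state is None:
                bucket = "never_enabled"
            else:
                bucket = "unknown"  # missing or unexpected value: check by hand
            report[bucket].append(repo.get("name", "<unnamed>"))
    return report

# Constructed sample pages in the shape of the partial response (not real data).
SAMPLE_PAGES = [
    {"next": "https://api.bitbucket.org/2.0/repositories/workspace-id?page=2",
     "values": [{"name": "payments-api", "enforced_signed_commits": True},
                {"name": "legacy-tools", "enforced_signed_commits": None}]},
    {"values": [{"name": "infra-scripts", "enforced_signed_commits": False},
                {"name": "docs-site"}]},
]

if __name__ == "__main__":
    for bucket, names in audit(SAMPLE_PAGES).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

For a live report, pass `fetch_pages("workspace-id", "username", "app-password")` to `audit()` in place of the sample pages; every bucket other than "enforced" is a repository to follow up on.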

0 votes
Sahir Maharaj
Rising Star
January 15, 2025

Hello @Neil Hunt

To verify if GPG keys are required for your Bitbucket repositories, you can use Bitbucket's API to query repository settings.

However, the specific setting for GPG key enforcement may not be exposed in the current API schema.

Instead, you might need to manually check the repository's security settings through the Bitbucket UI under Repository settings > Security.

DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Product Admin Site Admin