We use PowerShell scripts that run unattended overnight to perform git operations then build and deploy to test systems. Previously we used the "app password" approach and this worked fine.
Following the warning that app passwords would be discontinued (which we only noticed very late since these are unattended operations) I have created an API Key with suitable scopes and followed the instructions on here for existing repos, using
git remote set-url origin https:[username]:[API Key]@bitybucket.org... etc.
This seemed okay, but when I run the PowerShell script, which has simple commands such as
git checkout $branch
git pull
it still shows the interactive pop-up to log in (with browser or password options). When I enter the API key as the password/key this does work, but it's not going to work unattended.
Are there further steps I need to take to allow this kind of unattended operation using the API key?
Hi Keith,
Welcome to the Bitbucket Cloud community! :)
May I know if you are running these powershell scripts locally or within Bitbucket Pipelines?
If locally - you'll need to ensure that all stored passwords related to authentication over GIT are cleared from your machine (ie Credential Manager for Windows, Access Keychain for Mac or /etc/shadow folder for Linux) as there could be a stored credential which is overriding your commands and causing the prompt to appear.
You will also need to ensure that the API key has been created with scopes, and has the proper scopes configured to perform the operations you need. Below is an example of configuring an API key which is capable of push/pull on a BBC repository:
write:repository:bitbucket
I recommend double-checking that your username is correct by clicking the Gear cog icon > Personal Bitbucket Settings and observing the username listed here.
When configuring the command as you've stated - to avoid interaction prompts you will need to incorporate username/key directly into the URL:
https://{bitbucket_username}:{api_token}@bitbucket.org/{workspace}/{repository}.git
or
https://x-bitbucket-api-token-auth:{api_token}@bitbucket.org/{workspace}/{repository}.git
I would advise storing the API key as a variable, however, so that it is not exposed in your code.
For Pipelines - the above troubleshooting steps would be the same, minus the credential clearing.
Please let me know how this goes.
Cheers!
- Ben (Bitbucket Cloud Support)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.