Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

Unattended PowerShell changed to use API key - how to run unattended?

Keith Fearnley
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
July 9, 2025

We use PowerShell scripts that run unattended overnight to perform git operations then build and deploy to test systems. Previously we used the "app password" approach and this worked fine.

Following the warning that app passwords would be discontinued (which we only noticed very late since these are unattended operations) I have created an API Key with suitable scopes and followed the instructions on here for existing repos, using

git remote set-url origin https:[username]:[API Key]@bitybucket.org... etc.

This seemed okay, but when I run the PowerShell script, which has simple commands such as

git checkout $branch
git pull

it still shows the interactive pop-up to log in (with browser or password options). When I enter the API key as the password/key this does work, but it's not going to work unattended.

Are there further steps I need to take to allow this kind of unattended operation using the API key?

1 answer

0 votes
Ben
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 10, 2025

Hi Keith,

Welcome to the Bitbucket Cloud community! :)

May I know if you are running these powershell scripts locally or within Bitbucket Pipelines?

If locally - you'll need to ensure that all stored passwords related to authentication over GIT are cleared from your machine (ie Credential Manager for Windows, Access Keychain for Mac or /etc/shadow folder for Linux) as there could be a stored credential which is overriding your commands and causing the prompt to appear.

You will also need to ensure that the API key has been created with scopes, and has the proper scopes configured to perform the operations you need. Below is an example of configuring an API key which is capable of push/pull on a BBC repository:

  • Click the Gear cog icon > Atlassian Account settings > Security tab > Create and manage API Tokens
  • Select Create API token with scopes
  • Select Bitbucket
  • Ensure the following scopes are configured - read:repository:bitbucket

    write:repository:bitbucket

I recommend double-checking that your username is correct by clicking the Gear cog icon > Personal Bitbucket Settings and observing the username listed here.

When configuring the command as you've stated - to avoid interaction prompts you will need to incorporate username/key directly into the URL:

https://{bitbucket_username}:{api_token}@bitbucket.org/{workspace}/{repository}.git

or

https://x-bitbucket-api-token-auth:{api_token}@bitbucket.org/{workspace}/{repository}.git

I would advise storing the API key as a variable, however, so that it is not exposed in your code.

For Pipelines - the above troubleshooting steps would be the same, minus the credential clearing.

Please let me know how this goes.

Cheers!

- Ben (Bitbucket Cloud Support)

 

 

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events