Repository Access Tokens

Repository Access Tokens are per-repository passwords used for scripting tasks and integrating tools (such as CI/CD tools) with Bitbucket Cloud. Repository Access Tokens are designed to be used for a single application with limited permissions, so they don't require two-step verification (2SV, also known as two-factor authentication or 2FA). Repository Access Tokens are not tied to a user’s account but are tied to a Bitbucket repository, restricting the access of the token to a single repository, and providing a more secure solution than user-based authentication methods such as App passwords.

Repository Access Token features

Repository Access Tokens have the following features:

  • They can be used to authenticate API calls.

  • They have limited permissions (scopes), specified when the access token is created.

  • They are intended to be single-purpose, rather than reusable.

  • They are encrypted on our database and can't be viewed by anyone.

Repository Access Token limitations

Repository Access Tokens have the following limitations:

  • They can't be viewed or edited after they are created. They are intended to be replaced with a new access token rather than recovered or modified.

  • They can't be used to log in to your Bitbucket account at bitbucket.org.

  • They don't expire and an expiry date can't be set, they will stop working when they are revoked.

  • They can't be used to manage or interact with workspaces, projects, or any other repository.

Additional Help