Using access tokens for a repository

Access tokens for a repository are single-purpose access tokens with reduced access (specified during creation) that can be useful for scripting, CI/CD tools, and testing Bitbucket-connected apps during development. Access tokens for a repository are connected to a repository, not a user, and are managed by the repository’s admins.

The following examples show how to use Bitbucket Cloud access tokens for a repository with Bitbucket Cloud REST APIs and the Git command line interface (Git CLI).

Using access tokens for a repository with Bitbucket APIs

Bitbucket Cloud 統合またはアプリ開発者は、ユーザー認証に OAuth を使用することをお勧めします。OAuth サポートを備えた Bitbucket Cloud 統合またはアプリの作成方法の詳細については、アトラシアン開発者 - Bitbucket Cloud をご覧ください。

The following example shows how to use a Bitbucket Cloud access token for a repository with the curl command as a guide for how to authenticate with Bitbucket Cloud APIs. This example is querying the commits on a Bitbucket repository using the Get Repository API.

To connect to Bitbucket Cloud, send the access token as a bearer token in an HTTP Authorization header. For example:

curl --request GET \ --url 'https://api.bitbucket.org/2.0/repositories/{workspace}/{repository}' \ --header 'Authorization: Bearer <repository_access_token>' \ --header 'Accept: application/json'

Using access tokens for a repository with the Git command-line interface

Access tokens for a repository should be used with the Git command line interface in programs and scripts that are non-interactive, such as build tools, automation scripts, and CI/CD applications. When using Git daily, we recommend connecting to Bitbucket Cloud using SSH keys or Git Credential Manager to avoid manually entering an access token every time you issue a command that interacts with Bitbucket. For details on setting up SSH keys for Bitbucket, see: Set up SSH keys for Bitbucket Cloud.

To use a Bitbucket Cloud access token for a repository with the Git CLI, create an access token with the following permissions:

  • リポジトリ読み取り (repository)

  • リポジトリ書き込み (repository:write)

You have two options for using an access token for a repository with the Git CLI: provide the access token through an interact prompt, or include the access token in the URL.

Access tokens for a repository through the interactive password prompt

This method avoids storing the access token insecurely in the URL. It requires the access token to be input every time Git interacts with Bitbucket Cloud (such as git pull, git push, and git fetch). You will also need to configure the git user for the repository.

To provide the access token for the repository through an interactive prompt:

  1. 次のコマンドでリポジトリを複製します。

    git clone https://x-token-auth@bitbucket.org/{workspace}/{repository}.git

    ローカルデバイスにすでに複製されているリポジトリの場合は、次のコマンドでリモート URL をアップデートします。

    git remote set-url origin https://x-token-auth@bitbucket.org/{workspace}/{repository}.git
  2. 新たに複製されたリポジトリに移動します。

    cd {repository}/
  3. 次のように、リポジトリの Git ユーザーを設定します。

    git config user.email "{bot_email}"

    Where {bot_email} is the access token email generated when you created the access token for the repository (for example, 52c16467c5f19101ff2061cc@bots.bitbucket.org).

The access token for a repository email:

  • is not the access token name.

  • can be retrieved from the repository’s access tokens page by selecting the name of the access token.

  • can’t send or receive emails and is only used for matching Git operations to the access token.

Include the access token for a repository in the URL

We recommend not storing the access token insecurely as plain text or permanently as part of the git remote URL. This method is useful if the access token has been stored securely as a 'secret' variable in a build tool.

To use access tokens for a repository without an interactive password prompt, you can include the access token in the URL. For example:

  1. 次のコマンドでリポジトリを複製します。

    git clone https://x-token-auth:{repository_access_token}@bitbucket.org/{workspace}/{repository}.git

    ローカルデバイスにすでに複製されているリポジトリの場合は、次のコマンドでリモート URL をアップデートします。

    git remote set-url origin https://x-token-auth:{repository_access_token}@bitbucket.org/{workspace}/{repository}.git
  2. 新たに複製されたリポジトリに移動します。

    cd {repository}/
  3. 次のように、リポジトリの Git ユーザーを設定します。

    git config user.email "{botid}@bots.bitbucket.org"

    Where {botid} is the access token id generated when you created the access token for the repository. The access token id is not the access token name.

さらにヘルプが必要ですか?

アトラシアン コミュニティをご利用ください。