SSH keys for Bamboo plans
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
This informative article provides more information on repository SSH keys for Bamboo Plans, where they are stored, and how to manage them.
Solution
You might use SSH keys to connect to the repository. The private key is stored - encrypted - inside the Bamboo database, at the XML_DEFINITION_DATA column of the VCS_LOCATION table. Bamboo only decrypts it when it needs to run git operations. The plain text version of the key is not persisted anywhere.
Managing SSH keys
User interface
If you're creating plans and repositories through the User Interface directly, you can just re-save the repository configuration to generate a new SSH keypair. This can be done under Cog icon > Linked repositories > select a repository > Save for global repositories, or at the build plan configuration > Repositories > select a repository > Save.
Repository-stored specs
If you're creating plans and repositories through repository-stored specs, the SSH keys are managed and defined by the user creating the Specs. Please see the following Bamboo Specs documentation:
If that's your use-case scenario, you can use the steps from Bamboo Specs encryption to encrypt the SSH keys. It's also possible to use the encryption feature through the REST API.