Where SSH keys are stored in Bitbucket Server when a new repository is linked to Bamboo

Still need help?

The Atlassian Community is here for you.

Ask the community


Platform notice: Server and Data Center only. This article only applies to Atlassian products on the server and data center platforms.

Summary

If you have Bamboo integrated with Bitbucket Server via Application links and link a new repository to Bamboo using the "Bitbucket Server" repository type, an SSH key pair is automatically generated. The private key is stored encrypted inside the Bamboo database and the public key is sent to Bitbucket via the integration. Depending on the permissions the user that was used to authorize the connection has for the repository in Bitbucket, the keys will be stored in different places. 

Solution

For repository admins:

An SSH access key for system use will be added to the repository. As this key will not be tied to any specific user in Bitbucket, even If the user used to create it gets deleted later on in Bitbucket, the repository will still work in Bamboo. If you want to revoke access to the repository, the key will need to be manually removed from Bitbucket.

For non-admin accounts:

If the user that added the repository to Bamboo has only "write" permissions to the repository in Bitbucket, the public key will be added to his profile (a new key for every new repository they link). If this user gets deleted in Bitbucket, all checkout tasks from plans using this repository configuration in Bamboo will stop working, requiring the linked repository to be re-saved in Bamboo so a new SSH key pair can be generated.

Last modified on Jan 27, 2022

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.