App passwords allow two-step verification users make API calls to their Bitbucket account through apps such as Sourcetree and Bamboo.
About app passwords
Some important points about app passwords:
You cannot view an app password or adjust permissions after you create the app password.Why?
Because app passwords are encrypted on our database and cannot be viewed by anyone. They are essentially designed to be disposable. If you need to change the scopes or lost the password just create a new one.
- You cannot use them to log into your Bitbucket account at bitbucket.org.
You cannot use app passwords to manage team actions.
App passwords are tied to an individual account's credentials and should not be shared. If you're sharing your app password you're essentially giving direct, authenticated, access to everything that password has been scoped to do with the Bitbucket API's.
You can use them for API call authentication, even if you don't have two-step verification enabled.
- You can set permission scopes (specific access rights) for each app password.
Create an app password
To create an app password:
- From your avatar in the bottom left, click Bitbucket settings.
- Click App passwords under Access management.
- Click Create app password.
- Give the app password a name related to the application that will use the password.
- Select the specific access and permissions you want this application password to have.
- Copy the generated password and either record or paste it into the application you want to give access. The password is only displayed this one time.
That's all there is to creating an app password. See your applications documentation for how to apply the app password for a specific application.
Revoke an app password
To revoke an app password, select the password and click Revoke. Then confirm that you want to revoke the password.