Use access keys
You can use access keys with your Bitbucket Cloud repositories to allow a user or a process to pull or clone a repository over SSH. Access keys have the following features and limitations:
- Access keys grant read-only access to a public or private repository.
- Access keys do not apply to your plan limit.
- You can add the same access key to multiple repositories.
- The access key must be unique — it cannot also be associated with an account.
Access keys can be used to allow a build server to authenticate with Bitbucket Cloud to check out and test your code.
Before you begin
The SSH public and private key pair exists on the remote service or machine. The public key must be added to the Bitbucket Cloud repository.
Make sure you have already generated your access key and added it to the remote server. For detailed information on the SSH protocol and generating keys, see SSH keys.
How to add an access key
If you are using the access key for building code, make sure your build server has the key installed. For example, if you are using Bamboo, each agent should have the key installed. To add an access key to a Bitbucket Cloud repo, do the following:
In a terminal, log in to the server where the key is located. Copy the contents of the public key to the clipboard:
$ cat ~/.ssh/id_rsa.pub
Mac OS X
$ pbcopy < ~/.ssh/id_rsa.pub
- Now, in Bitbucket Cloud, go to the repository and click Settings in the sidebar.
- Click Access keys from the left hand menu.
- Press Add key.
- In the 'Add SSH key' dialog, enter a label and paste the public key from the clipboard.
Press Add key. Bitbucket notifies you by email that a key was added to your account.
If you are using your key for a build system, it is a good idea to confirm the key is working correctly from the build server (or Bamboo agent). For example, you could manually clone a repository on the server using the SSH protocol and the key. If you have trouble using your key, see Troubleshoot SSH issues.
Edit a access key
After you add a key, you can edit the key's Label but not the key itself. If you need to change the key's contents, you must delete and re-add the key. This is a security measure. In the event your account security was hacked without your knowledge, the hacker could not replace or damage your existing keys.