Users and other systems can use SSH keys to authenticate and access repositories without using or storing credentials such as username and password.
- Project and repository administrators can create SSH keys for their projects and repositories. Learn more about creating SSH keys for system use
- Users can create personal SSH keys to perform Git operations. Learn more about creating personal SSH keys
As an admin, you can can restrict specific SSH key types, mandate minimum key lengths, and also set automatic expiry to meet your compliance and security needs.
Editing and deleting keys
As an administrator, you can create, edit, and delete personal SSH keys.
To edit or delete a personal SSH key:
- Go to Administration > Users.
- Search and select the user.
- Open the SSH keys tab.
- Select Edit or Delete.
To edit a project or repository’s access key:
- From either the Project or Repository settings, select Access keys.
- Select Edit.
Selecting Edit will allow you to change a key’s label or permissions in all places where that access key is used. You can’t change the key value or expiry date. To delete a project or repository's access key, see SSH access keys for system use.
Before you set the global expiry for SSH keys
As all SSH keys created before 8.7 aren’t associated with a created date, we’ll set their creation date to the day you first turn on the global expiry for SSH keys.
Before you set the global expiry for SSH keys, we recommend that you:
- review the Created date of SSH keys created for personal use and keys within projects and repositories to gauge which keys will be impacted.
- notify your developers, project, and repository admins in advance so they can plan to rotate their keys and minimise the loss of their access to repositories or any other integration workflows (for example, keys that integrate with other systems like Bamboo). Learn how to regenerate SSH keys for Bitbucket Data Center and Server
Require key expiry
When an SSH key is created for personal or system use, users have the option of setting an expiry date. As a system admin, you can set a global expiry for SSH keys. If you set a global expiry, users can only set a lower expiry date when they create personal SSH keys or system access keys; otherwise, the default expiry you’ve configured is used.
To set the global expiry:
- Go to Settings > Keys and tokens (under System).
- Select Yes for Automatic expiry.
- Enter the SSH key expiry (in days).
- Select Save.
This setting is applied to all existing keys too in Bitbucket.
Control allowed key types and lengths
To make sure that unsafe keys are not used, you can restrict specific key types and mandate minimum key lengths.
- Go to Settings > Keys and tokens.
- Use the options within the various key type lists to set the minimum key lengths or restrict the key type.
These changes are applied to all existing keys too in Bitbucket. Users will see an error message in the keys list within projects, repositories, and their personal keys list and will be unable to use keys nor create new keys that don’t meet the requirements you’ve set.
Was this helpful?Yes Provide feedback about this article