Automatic removal of Access Keys from repositories in Bitbucket Data Center

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Access keys, which serve as unique identifiers allowing secure access to particular repositories for GIT operations, are removed regularly.

Environment:

  • Bitbucket Data Center and Server version 8.3.0 and above.

  • App "Repository Templates for Bitbucket" Version 3.8.4.

Diagnosis

  • Theatlassian-bitbucket.logwill have the following events.

1 2 3 4 5 6 2023-06-08 20:16:42,065 INFO [Caesium-1-4] c.m.s.t.job.ResetSettingsJobRunner REPOTEMPLATES: Starting settings reset for project PROJECT1... 2023-06-08 20:16:42,077 INFO [Caesium-1-4] c.m.s.t.reposettings.ops.SshKeysOp REPOTEMPLATES: will reset settings of type 'Access keys settings' in 'PROJECT1 / repo5' from 'PROJECT1 / repo6' 2023-06-08 20:16:42,129 DEBUG [Caesium-1-4] c.a.s.i.e.TransactionAwareEventPublisher Deferring publishing for RepositoryPermissionRevokedEvent until AFTER_COMMIT 2023-06-08 20:16:42,130 DEBUG [Caesium-1-4] c.a.b.i.k.s.DefaultSshAccessKeyService Access to repository "PRO1/repo5[1]" has been revoked for service user Access Key User - user1 2023-06-08 20:16:42,130 DEBUG [Caesium-1-4] c.a.s.i.e.TransactionAwareEventPublisher Deferring publishing for SshAccessKeyRevokedEvent until AFTER_COMMIT 2023-06-08 20:16:42,141 DEBUG [Caesium-1-4] c.a.s.i.e.TransactionAwareEventPublisher Deferring publishing for SshKeyDeletedEvent until AFTER_COMMIT

Cause

Click Here to get more information about Repository Templates for Bitbucket plugin.

  • This situation occurs due to the third-party plugin "Repository Templates for Bitbucket", which has the ability to replace repository settings like access keys, repository permissions, branch permissions, etc. with corresponding settings configured in a repository template.

  • If a cron expression is defined in the template then the repository settings will be replaced at regular intervals.

  • In this particular case, the actual access keys of repositories(repo5) are dropped and replaced by the access keys of the repository template(repo6). Additionally, if the Repository template doesn't have any keys, it gives the user the impression that keys are being removed automatically.

Solution

  • Look for the Repository templates optionunder the ADD-ONS tabin affected project's setting and uncheck the access keys option.

  • Add the access key again in the repository.

Kindly reach out to Atlassian support if anything goes wrong or need assistance in understanding the procedure. 

Updated on March 24, 2025
Platform
Data Center only
Product
Bitbucket Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community