Question about SSH Access Key scope

When adding an Access Key (SSH public key) at either the workspace, project, or repo level, is the scope of access truly limited to be read only?

The UI for adding keys seems to indicate that is the case for the project and repo level access keys, but the UI for adding workspace level access keys is not explicit about that. I also couldn't find anything in the documentation per se.

My goal as we transition to BB Cloud from Data Center is to potentially eliminate the need for any service accounts that may have been previously used by automation simply for cloning and accessing repositories for read only purposes.

1 answer

0 votes

Hi @Stacy O_Dell

You are correct that project/repo-level access keys are read-only.

Workspace-level SSH keys grant both read/write access to all repositories in the workspace, so I'd recommend using these with caution.

We have some documentation that explains this a little more in-depth:

https://support.atlassian.com/bitbucket-cloud/kb/difference-between-repository-project-and-workspace-access-keys/

Hope this helps! :)

Cheers!

- Ben (Bitbucket Cloud Support)

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Suggest an answer

Was this helpful?

Thanks!

Bitbucket

DEPLOYMENT TYPE

CLOUD

PERMISSIONS LEVEL

Product Admin Site Admin

Forums

Product Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Question about SSH Access Key scope

1 answer

Suggest an answer

Was this helpful?

Thanks!

DEPLOYMENT TYPE

PERMISSIONS LEVEL

TAGS

Atlassian Community Events