I want to remove a user completely from bitbucket, so that he don't have access to the bitbucket website and via terminal to the repo.
In the repo at Repository Settings/User and group access I have removed the user.
Is that enough?
Or do I have to delete the SSH key in Pipelines/SSH keys, too, and have to create a new one for myself?
Is that key just for the pipeline?
Related
Having issues creating an ssh credential in Jenkins that allows access to GitLab. I have 2 AWS instances, one with GitLab and one with Jenkins. I would like to setup a multibranch pipeline in Jenkins to run a GitLab repo. I am able to create the pipeline and can access GitLab if I use a username/password credential (using "root"/initial password) but would like to use the more secure route of using a username/SSH credential. I have generated the SSH (of the ed25519 variety) in the GitLab instance (while in root). Then, in GitLab, supplied the public key to the root user. Then, in Jenkins, provided the private SSH key and set username as "root" in a username/SSH credential. When I try to run the pipeline using the username/SSH credential I get an error indicating that it is not authorized. Should I be using a different username? Should I be generating the SSH key in a different location?
Well, I figured it was something small I was missing. I was configuring the pipeline job for the http url of the repo rather than the SSH url. Once I changed that, it worked right away.
I have a private bitbucket repo pipeline and I want to use it to update some files on another bitbucket cloud gitops private repo, and I'm wondering whether there is a way to set credentials on the gitops repo without creating or using a user email, like setting a password or ssh keys in the gitops repo and use that in the pipeline to be able to push.
Any help would be appreciated.
I have oauth2 access_token for user with scope repo which means I can basically access all public/private repos of the user.
I have a local copy of a repo on my machine and I want to pull (fetch and merge) using the authenticated user's token in github api. How do I manage this?
An OAuth access token, (like PAT (Personal Access Token)) can be used from command-line:
That OAuth token can be used as a password when GitHub asks for your credentials (username/password) for an HTTPS URL.
Therefore, make sure the remote URL is an HTTPS one, with <theuser> username in it
cd /path/to/repo
git remote -v
# if origin starts with git#github.com (SSH)
git remote set-url origin https://<theuser>#github.com/<theuser>/<repo>
Whenever you clone/pull/push a private repo from <theuser>, enter the OAuth access token as a password.
Or check your git config credential.helper: you can cache those credentials, using for instance the GCM (Git Credential Manager) like one for Mac/Linux, or for Windows.
Note that git merge is a local-only operation, so it won't require any credentials.
you can not do it locally, but I think it can be done as from docs
git pull is shorthand for git fetch followed by git merge FETCH_HEAD
you can achieve this by following the steps in order
create branch
create a new commmit
update branch to point to new commit
merge the new created branch with you want pull in
I found it very problematic to connect from Jenkins Blue Ocean to AWS CodeCommit git repository using ssh URL, so I will share below the way to do it.
Some more background:
In Blue Ocean you can use either https or ssh URL to connect to git repo. But if you select https version (which works with username+password credentials) then you cannot use some of the BlueOcean features like pipeline editor. So SSH version (which works with private/public key pair) is better.
BlueOcean tries to be nice and generates the keypair for you, you are just asked to upload the public key to the git repo server. This can be done in IAM tool in AWS, but even after that the connection doesn't work...
This worked for me:
Start the create-pipeline wizard in Blue Ocean
provide ssh repo address let say ssh://codecommiturl/repo
Jenkins generates key pair and asks you to upload it to git
do it as described in here
after upload take the value from "SSH Key ID" - this is your username
go back to Blue Ocean wizard and modify your repo url to be something like this: ssh://username#codecommiturl/repo, where username is equal to "SSH Key ID" from previous step
Finish creating pipeline
Now you should be able to use Jenkinsfile/pipeline editor from your CI server.
Additional note: for the BlueOcean features to work you need to provide correct Security roles that allow read/write operations on CodeCommit repository.
Config:
CircleCI 2.0
Bitbucket private repo
After I click on "Rebuild with SSH", the "Enable SSH" section outputs
Failed to enable SSH
No SSH key is found. Please make sure you've
added at least one SSH key in your VCS account.
What does this mean? How do I fix this?
You can use your personal private public id_rsa id_rsa.pub key-pair (which you may already generated to SSH access to other machines)
just add your public key ~./ssh/id_rsa.pub to Bitbucket -> Settings -> SSH keys -> add SSH key
then go to CircleCI and rebuild the project.
There may be confusion because CircleCi uses other SSH key called checkout SSH key-pair for:
checking out the main project
checking out any Bitbucket-hosted submodules
checking out any Bitbucket-hosted private dependencies
automatic git merging/tagging/etc.
Private checkout SSH key is saved on circleCi servers and public key is automatically uploaded to Bitbucket.
If you're using Github:
go to your keys setting: https://github.com/settings/keys
generate a key pair if you don't have one
copy and paste the key in the CircleCI UI and save.
You should immediately be able to log in with SSH into the CircleCI now (run rerun job with SSH).
If you're using Bitbucket:
Add your public key to your bitbucket account: choose Bitbucket settings from your avatar in the lower left
Click ssh keys and add your public key
You don't need to do anything in CircleCI, simply re-run the job using SSH
sources:
https://confluence.atlassian.com/bitbucket/troubleshoot-ssh-issues-271943403.html