Skip to main content

Bitbucket Keys

Description#

General#

  • Documentation: https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud/
  • Summary: Bitbucket provides hosting for source code and software development that use Mercurial or Git as Version Control Systems. Bitbucket keys are associated with a Bitbucket OAuth consumer. They can be used by an OAuth2 client to use Bitbucket as an OAuth2 identity provider. Obtaining this secret could allow an attacker to:
  • create a phishing authentication page, undistinguishable from the original
  • use compromised user credentials to create valid access tokens to the application
  • IPs allowlist: There is no IP allowlisting possible.
  • Scopes: The permissions associated with the tokens issued by the OAuth consumer can be configured, see docs.

Revoke the secret#

The only way to revoke the secret is to delete the OAuth consumer and create a new one.

Check for suspicious activity#

Not available for now.

Details for Bitbucket keys#

  • Family: Api

  • Category: Version control platform

  • Company: Bitbucket

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.24

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - ^[aps]?cssc?~?$  - ^storyboard(c|er)?~?$  - ^xib$  banlist_filenames: []  check_binaries: false- type: ContentWhitelistPreValidator  patterns:  - bitbucket

Examples#

- text: >    +    +const BITBUCKET_CLIENT_ID = "ajC8P25UUCRd5wSFvS" // or get from process.env.GITHUB_CLIENT_ID    +const BITBUCKET_CLIENT_SECRET = "6K2vvBdjQFeas5YXLCup6KtzqBhcK73e" // or get from process.env.GITHUB_CLIENT_SECRET
  client_id: ajC8P25UUCRd5wSFvS  client_secret: 6K2vvBdjQFeas5YXLCup6KtzqBhcK73e

Details for Bitbucket keys basic auth#

  • Family: Api

  • Category: Version control platform

  • Company: Bitbucket

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.06

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions:  - ^[aps]?cssc?~?$  - ^storyboard(c|er)?~?$  - ^xib$  banlist_filenames: []  check_binaries: false- type: ContentWhitelistPreValidator  patterns:  - bitbucket

Examples#

- text: >    +    + https://ajC8P25UUCRd5wSFvD:6K2vvBdjQFeas5YXLCup6KtzqBhcK73f@bitbucket.com
  client_id: ajC8P25UUCRd5wSFvD  client_secret: 6K2vvBdjQFeas5YXLCup6KtzqBhcK73f