
Bitbucket Keys

Description

General

  • Documentation: https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud/
  • Summary: Bitbucket provides hosting for source code and software development projects that use Mercurial or Git as version control systems. Bitbucket keys are associated with a Bitbucket OAuth consumer. An OAuth2 client can use them to rely on Bitbucket as an OAuth2 identity provider. Obtaining this secret could allow an attacker to:
      • create a phishing authentication page, indistinguishable from the original
      • use compromised user credentials to create valid access tokens to the application
  • IPs allowlist: There is no IP allowlisting possible.
  • Scopes: The permissions associated with the tokens issued by the OAuth consumer can be configured, see docs.

Revoke the secret

The only way to revoke the secret is to delete the OAuth consumer and create a new one.

Check for suspicious activity

Not available for now.

Details for Bitbucket keys

  • Family: Api

  • Category: Version control platform

  • Company: Bitbucket

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.24

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions:
  - ^[aps]?cssc?~?$
  - ^storyboard(c|er)?~?$
  - ^xib$
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: false
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
  - bitbucket

Examples

- text: |
    +
    +const BITBUCKET_CLIENT_ID = "abC1P65CUCRb1wSBsG" // or get from process.env.GITHUB_CLIENT_ID
    +const BITBUCKET_CLIENT_SECRET = "4K8vvBdjQFeas5JXDCup6KffqBhcK90e" // or get from process.env.GITHUB_CLIENT_SECRET
  client_id: abC1P65CUCRb1wSBsG
  client_secret: 4K8vvBdjQFeas5JXDCup6KffqBhcK90e

Details for Bitbucket keys basic auth

  • Family: Api

  • Category: Version control platform

  • Company: Bitbucket

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.06

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions:
  - ^[aps]?cssc?~?$
  - ^storyboard(c|er)?~?$
  - ^xib$
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: false
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
  - bitbucket

Examples

- text: |
    +
    + https://ajA8T25UYEGd5wKFvC:6K2voBdjQFaas5NXLCup6KwzwBkcK93f@bitbucket.com
  client_id: ajA8T25UYEGd5wKFvC
  client_secret: 6K2voBdjQFaas5NXLCup6KwzwBkcK93f
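
How the two pre-validators and the two-match minimum listed for both detectors gate a scan, as an added Python sketch that is not the detector's own code. The value regexes (18-character id, 32-character secret), the choice to test the banlist against the file extension, and the names `find_bitbucket_keys`, `filename_allowed` and `content_allowed` are assumptions inferred from the samples above.

```python
import re

# Pre-validator settings as listed in the detector details on this page.
BANLIST_EXTENSIONS = [r"^[aps]?cssc?~?$", r"^storyboard(c|er)?~?$", r"^xib$"]
CONTENT_PATTERNS = ["bitbucket"]
MIN_MATCHES = 2  # "Minimum number of matches: 2"

# Assumed value shapes (18-char id, 32-char secret), inferred from the page's
# samples; the detector's real matching patterns are not shown on the page.
ASSIGN_RE = re.compile(r"(?i)client[_-]?(id|secret)\W{1,6}([A-Za-z0-9]{18,32})\b")
URL_RE = re.compile(r"https?://([A-Za-z0-9]{18}):([A-Za-z0-9]{32})@bitbucket\.")

# Constructed sample input, not real credentials.
SAMPLE = (
    'const BITBUCKET_CLIENT_ID = "EXAMPLEid012345678"\n'
    'const BITBUCKET_CLIENT_SECRET = "EXAMPLEsecret0123456789abcdefghi"\n'
)


def filename_allowed(filename):
    """FilenameBanlistPreValidator: skip files with a banned extension."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return not any(re.search(p, ext) for p in BANLIST_EXTENSIONS)


def content_allowed(text):
    """ContentWhitelistPreValidator: the text must mention 'bitbucket'."""
    return any(p in text.lower() for p in CONTENT_PATTERNS)


def find_bitbucket_keys(filename, text):
    """Return the client_id/client_secret pair found in text, or None."""
    if not (filename_allowed(filename) and content_allowed(text)):
        return None
    found = {}
    url = URL_RE.search(text)
    if url:  # basic-auth form: https://<id>:<secret>@bitbucket...
        found = {"client_id": url.group(1), "client_secret": url.group(2)}
    for kind, value in ASSIGN_RE.findall(text):
        if len(value) == (18 if kind.lower() == "id" else 32):
            found.setdefault("client_" + kind.lower(), value)
    # Report only a complete pair, never a lone id or secret.
    return found if len(found) >= MIN_MATCHES else None


if __name__ == "__main__":
    print(find_bitbucket_keys("config.js", SAMPLE))
```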