Skip to main content
__wf_reserved_inherit

Bitbucket Keys

Description

General

  • Documentation: https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud/
  • Summary: Bitbucket provides hosting for source code and software development that use Mercurial or Git as Version Control Systems. Bitbucket keys are associated with a Bitbucket OAuth consumer. They can be used by an OAuth2 client to use Bitbucket as an OAuth2 identity provider. Obtaining this secret could allow an attacker to:
  • create a phishing authentication page, undistinguishable from the original
  • use compromised user credentials to create valid access tokens to the application
  • IPs allowlist: There is no IP allowlisting possible.
  • Scopes: The permissions associated with the tokens issued by the OAuth consumer can be configured, see docs.

Revoke the secret

The only way to revoke the secret is to delete the OAuth consumer and create a new one.

Check for suspicious activity

Not available for now.

Details for Bitbucket keys

  • Family: Api

  • Category: Version control platform

  • Company: Bitbucket

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.24

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions:
    - ^[aps]?cssc?~?$
    - ^storyboard(c|er)?~?$
    - ^xib$
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: false
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - bitbucket

Examples

- text: |
    +
    +const BITBUCKET_CLIENT_ID = "abC1P65CUCRb1wSBsG" // or get from process.env.GITHUB_CLIENT_ID
    +const BITBUCKET_CLIENT_SECRET = "4K8vvBdjQFeas5JXDCup6KffqBhcK90e" // or get from process.env.GITHUB_CLIENT_SECRET

  client_id: abC1P65CUCRb1wSBsG
  client_secret: 4K8vvBdjQFeas5JXDCup6KffqBhcK90e

Details for Bitbucket keys basic auth

  • Family: Api

  • Category: Version control platform

  • Company: Bitbucket

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 0.06

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions:
    - ^[aps]?cssc?~?$
    - ^storyboard(c|er)?~?$
    - ^xib$
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: false
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - bitbucket

Examples

- text: |
    +
    + https://ajA8T25UYEGd5wKFvC:6K2voBdjQFaas5NXLCup6KwzwBkcK93f@bitbucket.com

  client_id: ajA8T25UYEGd5wKFvC
  client_secret: 6K2voBdjQFaas5NXLCup6KwzwBkcK93f
__wf_reserved_inherit__wf_reserved_inherit

Something we didn’t cover?

__wf_reserved_inherit

See our Roadmap

__wf_reserved_inherit

Subscribe on GitHub

__wf_reserved_inherit

Submit a request

__wf_reserved_inherit

API status