Details
-
Suggestion
-
Resolution: Unresolved
Description
It is possible to add an SSH key to a team account. However, it is not possible to restrict write permissions for an SSH key.
This article indicates it is possible to do the equivalent thing on Bitbucket Server.
SSH keys added to a team are useful for granting some other server or application access to the team's repositories, but when that external application only requires read access, this authentication method fails the principle of least privilege.
A workaround is to create a resource user for the application and assign them to the Viewer group, but this is non-optimal since users on Bitbucket teams can come at cost.