-
Suggestion
-
Resolution: Fixed
-
6
-
Atlassian status as of November 2021
Hi everyone,
Thank you for voting on this suggestion. In Bitbucket Data Center 7.18 we've added HTTP Access Tokens for projects and repositories. More details can be found in the release notes and official documentation.
Anton Genkin
Product Manager
Original suggestion
As of now, build systems like TeamCity need to retrieve the sources via SSH and a private key infrastructure in order to be secure & do not use up an additional "service user" license for each project.
This has two major drawbacks:
- It forces us to manage the private key infrastructure (administrative overhead)
- It is not recommended to use SSH via automatic build tools according to the docs: https://confluence.atlassian.com/display/STASH/Enabling+SSH+access+to+Git+repositories+in+Stash
Furthermore, it forces us to enable SSH on Stash in the first place, this is not a huge drawback (due to the minimal configuration), however, still a security issue.
Optimally we would have:
- a default service user for each project
- enabling the "service users" feature costs only a single user license in total (regardless of how many projects provide service users)
- the service user can simply connect via HTTPS like all other Stash users
(see also https://answers.atlassian.com/questions/313156/stash-licensing-for-ci-build-systems for a discussion on the topic)
[BSERV-4989] Access keys for HTTP/HTTPS
| Remote Link | New: This issue links to "Page (Confluence)" [ 1014718 ] |
| Remote Link | New: This issue links to "Page (Confluence)" [ 723575 ] |
| Remote Link | New: This issue links to "Page (Confluence)" [ 628408 ] |
| Remote Link | Original: This issue links to "Page (Confluence)" [ 593892 ] |
| Remote Link | New: This issue links to "Page (Confluence)" [ 627220 ] |
| Fix Version/s | New: 7.18.0 [ 98092 ] | |
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: Gathering Interest [ 11772 ] | New: Closed [ 6 ] |
| Description |
Original:
As of now, build systems like TeamCity need to retrieve the sources via SSH and a private key infrastructure in order to be secure & do not use up an additional "service user" license for each project.
This has two major drawbacks: * It forces us to manage the private key infrastructure (administrative overhead) * It is not recommended to use SSH via automatic build tools according to the docs: https://confluence.atlassian.com/display/STASH/Enabling+SSH+access+to+Git+repositories+in+Stash Furthermore, it forces us to enable SSH on Stash in the first place, this is not a huge drawback (due to the minimal configuration), however, still a security issue. Optimally we would have: * a default service user for each project * enabling the "service users" feature costs only a single user license in total (regardless of how many projects provide service users) * the service user can simply connect via HTTPS like all other Stash users (see also https://answers.atlassian.com/questions/313156/stash-licensing-for-ci-build-systems for a discussion on the topic) |
New:
{panel:title=Atlassian status as of November 2021|borderStyle=solid|borderColor=#deebff|titleBGColor=#deebff|bgColor=#ffffff}
Hi everyone, Thank you for voting on this suggestion. In Bitbucket Data Center 7.18 we've added HTTP Access Tokens for projects and repositories. More details can be found in the [release notes|https://confluence.atlassian.com/bitbucketserver/bitbucket-data-center-and-server-7-18-release-notes-1087534957.html#BitbucketDataCenterandServer7.18releasenotes-HTTPaccesstokensforprojectsandrepositories] and official [documentation|https://confluence.atlassian.com/bitbucketserver/http-access-tokens-939515499.html]. Anton Genkin Product Manager {panel} h3. Original suggestion As of now, build systems like TeamCity need to retrieve the sources via SSH and a private key infrastructure in order to be secure & do not use up an additional "service user" license for each project. This has two major drawbacks: * It forces us to manage the private key infrastructure (administrative overhead) * It is not recommended to use SSH via automatic build tools according to the docs: [https://confluence.atlassian.com/display/STASH/Enabling+SSH+access+to+Git+repositories+in+Stash] Furthermore, it forces us to enable SSH on Stash in the first place, this is not a huge drawback (due to the minimal configuration), however, still a security issue. Optimally we would have: * a default service user for each project * enabling the "service users" feature costs only a single user license in total (regardless of how many projects provide service users) * the service user can simply connect via HTTPS like all other Stash users (see also [https://answers.atlassian.com/questions/313156/stash-licensing-for-ci-build-systems] for a discussion on the topic) |
| Remote Link | Original: This issue links to "Page (Confluence)" [ 598541 ] |
| Remote Link | New: This issue links to "Page (Confluence)" [ 598541 ] |
| UIS | Original: 7 | New: 6 |