Bitbucket Repository Access Token

ID: bitbucket_repository_token

Severity: high

Vendor: Atlassian

Family: API Token

Description

A Bitbucket Repository Access Token is linked to a repository, and can be used for scripting tasks and integrating tools (such as CI/CD tools) with Bitbucket Cloud.

Security

A Bitbucket Repository Access Token can be used to authenticate API calls, limited to the repository it was created for. Its permissions are limited to the scopes chosen at creation time. The token value is displayed only once, at creation, which is an incentive to write it down in a file that may later be leaked.

Repository access tokens have no expiry date; they stop working only when they are revoked.

Note that in addition to repository access tokens, similar tokens can be created at the project and workspace levels.

Examples

git clone https://x-token-auth:ATCTT3xFfGN0shEGxO...yCgHY@bitbucket.org/myorg/myrepo.git
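As an added example, not part of the original page, the following Python scanner applies this rule's idea to text such as CI configuration or shell history: it flags a token both when it is embedded in an x-token-auth clone URL like the one above and when it appears as a bare string, then redacts it so the evidence can be shared in a ticket. Only the token prefix is taken from the example above; the rest of the regular expression, the function names and the sample lines are assumptions constructed here.

```python
import re

# Prefix taken from the example above; the tail of the pattern (length and
# character set) is an assumption, not a published Atlassian specification.
TOKEN_RE = re.compile(r"ATCTT3xFfGN0[A-Za-z0-9_\-=]{20,}")
# Any credential used as the password of an x-token-auth clone URL is a
# secret whatever its format, so the URL form is matched independently.
URL_RE = re.compile(r"https://x-token-auth:([^@\s/]+)@bitbucket\.org/\S+")

# Constructed sample: a pipeline config and a .netrc line; both tokens are fake.
SAMPLE = """\
# bitbucket-pipelines.yml fragment
script:
  - git clone https://x-token-auth:ATCTT3xFfGN0constructedSampleTokenA0001@bitbucket.org/myorg/myrepo.git
# .netrc line holding the token outside a URL
machine bitbucket.org login x-token-auth password ATCTT3xFfGN0constructedSampleTokenB0002
# plain clone URL without credentials: not a finding
  - git clone https://bitbucket.org/myorg/other.git
"""


def find_bitbucket_tokens(text):
    """Return (line_no, kind, token) triples; kind is 'clone-url' or 'bare'."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        in_url = [m.group(1) for m in URL_RE.finditer(line)]
        for tok in in_url:
            findings.append((n, "clone-url", tok))
        for m in TOKEN_RE.finditer(line):
            if m.group(0) not in in_url:  # already reported as part of a URL
                findings.append((n, "bare", m.group(0)))
    return findings


def redact(text):
    """Mask every detected token so the surrounding context can be shared safely."""
    for _, _, tok in find_bitbucket_tokens(text):
        text = text.replace(tok, "***REDACTED***")
    return text


if __name__ == "__main__":
    for n, kind, tok in find_bitbucket_tokens(SAMPLE):
        print(f"line {n}: {kind} token {tok[:12]}... (rotate, then revoke)")
    print(redact(SAMPLE))
```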

Mitigation / Fix

Follow your policy for handling leaked secrets, which typically requires rotating the leaked access token. To do this, you must first generate a new token with the appropriate scope, then replace the leaked access token with the new one in all affected applications and services, and then revoke the leaked token.

An alternative is to revoke first, which shortens the exposure window but may also break existing applications and services that depend on the leaked token.

  1. For revocation, go to your Bitbucket repository, click on Repository Settings, then on Security / Access tokens, and for the affected token click on the Revoke link and again on the Revoke button in the confirmation dialog.

  2. Check access logs to ensure that the secret was not used by unintended actors during the compromised period. The "last accessed" column on the access token page may give hints about unexpected accesses.

  3. Optionally, remove the revoked access token from the source code or committed configuration file.

Treat any repository access token that appears in a commit as compromised; revoking it is the first thing to do.

Remember that secrets may be removed from history in your projects, but not in other users' cloned or forked repositories.