How to Use Repository and Deployment Variables in Bitbucket Pipelines
Bitbucket injects variables from three scopes - workspace, repository, and deployment - as environment variables in your steps.
Set variables in Repository settings > Pipelines > Repository variables (or per-environment Deployment variables). Mark sensitive ones Secured so they are masked.
Reference a secured variable
A secured repository variable is available as a normal env var and masked in logs.
bitbucket-pipelines.yml
pipelines:
default:
- step:
name: Deploy
script:
- curl -H "Authorization: Bearer ${API_TOKEN}" https://api.example.com/deployGotchas
- Never commit secrets to the YAML - define them as Secured variables in the UI instead.
- Deployment variables override repository variables, which override workspace variables.
- Secured variable values cannot be read back after saving and are masked in logs.
Related guides
How to Use Deployment Environments in Bitbucket PipelinesTrack deploys in Bitbucket Pipelines with the deployment key - tag steps as test, staging, or production to p…
How to Create Custom (Manual) Pipelines in Bitbucket PipelinesAdd on-demand pipelines in Bitbucket with the custom key - manual triggers from the UI, plus variables that p…