Skip to content
Latchkey

How to Use Repository and Deployment Variables in Bitbucket Pipelines

Bitbucket injects variables from three scopes - workspace, repository, and deployment - as environment variables in your steps.

Set variables in Repository settings > Pipelines > Repository variables (or per-environment Deployment variables). Mark sensitive ones Secured so they are masked.

Reference a secured variable

A secured repository variable is available as a normal env var and masked in logs.

bitbucket-pipelines.yml
pipelines:
  default:
    - step:
        name: Deploy
        script:
          - curl -H "Authorization: Bearer ${API_TOKEN}" https://api.example.com/deploy

Gotchas

  • Never commit secrets to the YAML - define them as Secured variables in the UI instead.
  • Deployment variables override repository variables, which override workspace variables.
  • Secured variable values cannot be read back after saving and are masked in logs.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →