Bitbucket - Add Deployment Variables

Deployment variables are variables that only apply to pipelines that match the specified deployment. They will override variables of the same name from "team variables" and "repository variables". Thus, they are perfect for things like Laravel's APP_URL, because one wishes want to use one variable name, but have different values for dev, staging, and production.

Steps

Click on Repository settings in your Bitbucket repository.

In the left-hand pane, scroll down and click on Deployments (1), before then clicking the chevron beside the deployment environment you wish to create the variable for (2).

Give your variable a name (1) and value (2). Choose whether this value should be secured (secrets) or not, before clicking Add (4).

Your deployment variable should now appear in the variables section below. Notice that secured variables have a locked padlock (1), and the values are dotted out (2).

For security, secured variables cannot be retrieved/read from this area, only updated or deleted. Secured variables are masked, so they will not appear in any logs. Encoded versions, such as from URL encoding, of the variables are also masked.

SSH Keys

If one needs to add SSH keys as deployment variables, then one simply needs to create them like so:

ssh-keygen -t rsa -b 4096 -N '' -f my_ssh_key

Then base64 encode the variable, because Bitbucket variables cannot handle line endings:

base64 -w 0 < my_ssh_key

Then copy the output to a new secured variable.

Additional Steps

Don't forget that you will need to:

• add the public key to the host in order to be able to connect to it using the key.
• Add the host's fingerprint to your $HOME/.ssh/known_hosts file during the pipeline.
• Base64 decode the SSH key in order to use it. E.g. (umask 077 && echo $MY_SSH_KEY | base64 --decode > ~/.ssh/id_rsa)

References

• Bitbucket Support - Variables And Secrets - Use SSH keys in Bitbucket Pipelines