Bitbucket

Infisical lets you sync secrets to Bitbucket at the repository-level and deployment environment-level. Prerequisites:

Set up and add envars to Infisical Cloud

Push secrets to Bitbucket from Infisical

Pull secrets in Bitbucket pipelines from Infisical

Configure Infisical Access

Configure a Machine Identity for your project and give it permissions to read secrets from your desired Infisical projects and environments.

Initialize Bitbucket variables

Create Bitbucket variables (can be either workspace, repository, or deployment-level) to store Machine Identity Client ID and Client Secret.

Integrate Infisical secrets into the pipeline

Edit your Bitbucket pipeline YAML file to include the use of the Infisical CLI to fetch and inject secrets into any script or command within the pipeline.

Example

image: atlassian/default-image:3

pipelines:
  default:
    - step:
        name: Build application with secrets from Infisical
        script:
          - apt update && apt install -y curl
          - curl -1sLf 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' | bash
          - apt-get update && apt-get install -y infisical
          - export INFISICAL_TOKEN=$(infisical login --method=universal-auth --client-id=$INFISICAL_CLIENT_ID --client-secret=$INFISICAL_CLIENT_SECRET --silent --plain)
          - infisical run --projectId=1d0443c1-cd43-4b3a-91a3-9d5f81254a89 --env=dev -- npm run build

Set the values of projectId and env flags in the infisical run command to your intended source path. For more options, refer to the CLI command reference here.

GitLab TeamCity

Secrets Management

Product Reference

Infrastructure Integrations

Secret Syncs

Native Integrations

CI/CD Integrations

Framework Integrations

Build Tool Integrations

Others

Example