In my understanding of Bitbucket Pipelines, the bitbucket-pipelines.yml that is used for a run is picked from the branch I run the pipeline on.

So let's say I have a "feature1" branch: if I manually trigger a pipeline, it will be the "feature1" version of bitbucket-pipelines.yml.

Isn't this kind of insecure, in that people with write access can echo my environment variables just by modifying and manually running a pipeline?

So I can only give write access to the repo to somebody who is allowed to access server environments too?

And how am I supposed to secure my production deployment pipeline against running it manually on, let's say, the "feature1" branch and deploying feature1?

I mean, I am limiting write access to my master branch via branch permissions, but this does not seem to stop anybody from deploying to my production environment.

  1. Aneita Yang staff

    Hey Paul,

    We're currently tracking the request to restrict who can run deployment pipelines on issue #13676. I encourage you to vote for that issue, and to comment with your exact use case, if it is something that you're interested in.


