1. Bitbucket
  2. Public Issue Tracker
  3. master
  4. Issues

Issues

Issue #7983 resolved

Discrepancy between docs and live for deploy-key updates

Les Aker
created an issue

The API docs specify that a deploy key can be updated by sending a PUT to the key's URL:

https://bitbucket.org/api/1.0/repositories/{user}/{repo}/deploy-keys/{keyid}

This worked as documented until a few weeks ago, when attempting to update a deploy key began returning a 400 error with the message "The content of a deploy key cannot be modified."

Is this an intentional change, and if so, can the documentation be updated to reflect it?

Comments (6)

  1. suwat bodin

    May you share what security reasons are? How is delete/add gesture more secured than editing? BTW, once ones have a valid token, update SSH key is the least of your problem. More harm can be done.

  2. Les Aker reporter

    suwat bodin For starters, updating a key doesn't kick off a security email. So if an attacker gets your creds and replaces one of your keys with their key, you don't know until you try to use it.

  3. suwat bodin

    Honestly, if I know your cred, why bother replace the key, I can just add new one or do something else more harmful. As far as security mail is concerned, if ones' secret got exposed regardless of how long, the damage is done and all bets are off. Just me,

    BTW, this change broke certain scenario in Windows Azure (we do update key).

  4. Log in to comment