Skip to content
Bitbucket CLI Bitbucket CLI

Environment Variables

Environment variables allow you to configure the CLI without storing credentials in files. This is especially useful for CI/CD pipelines and automation scripts.

Available Variables

Section titled “Available Variables”
VariableDescriptionExample
BB_USERNAMEYour Bitbucket usernamemyuser
BB_API_TOKENYour Bitbucket API tokenATBB...
NO_COLORDisable color output globally1
FORCE_COLORForce-enable color output globally1

Configuration Priority

Section titled “Configuration Priority”

Repository context is resolved in this order (highest priority first):

  1. Command-line flags (--workspace, --repo)
  2. Git repository context (detected from remote URL)
  3. Configuration file (defaultWorkspace)

Authentication credentials are resolved from:

  1. Configuration file (~/.config/bb/config.json on macOS/Linux, %APPDATA%\bb\config.json on Windows)
  2. Environment variables (BB_USERNAME, BB_API_TOKEN) when running bb auth login

For color output, precedence is:

  1. --color (force color on)
  2. FORCE_COLOR
  3. --no-color
  4. NO_COLOR

Authentication with Environment Variables

Section titled “Authentication with Environment Variables”

Login from Environment Variables

Section titled “Login from Environment Variables”

When environment variables are set, bb auth login uses them automatically:

Terminal window
export BB_USERNAME=myuser
export BB_API_TOKEN=ATBB_your_token_here


bb auth login  # Uses env vars, no prompts

Non-Interactive Usage

Section titled “Non-Interactive Usage”

For scripts and CI/CD, set both variables before running commands:

Terminal window
export BB_USERNAME=myuser
export BB_API_TOKEN=ATBB_your_token_here


bb auth login
bb pr list -w myworkspace -r myrepo

Shell Configuration

Section titled “Shell Configuration”

Bash

Section titled “Bash”

Add to ~/.bashrc or ~/.bash_profile:

Terminal window
export BB_USERNAME="your-username"
export BB_API_TOKEN="your-api-token"

Then reload:

Terminal window
source ~/.bashrc

Zsh

Section titled “Zsh”

Add to ~/.zshrc:

Terminal window
export BB_USERNAME="your-username"
export BB_API_TOKEN="your-api-token"

Then reload:

Terminal window
source ~/.zshrc

Fish

Section titled “Fish”

Add to ~/.config/fish/config.fish:

Terminal window
set -gx BB_USERNAME "your-username"
set -gx BB_API_TOKEN "your-api-token"

Then reload:

Terminal window
source ~/.config/fish/config.fish

PowerShell

Section titled “PowerShell”

Add to your PowerShell profile ($PROFILE):

Terminal window
$env:BB_USERNAME = "your-username"
$env:BB_API_TOKEN = "your-api-token"

Temporary Session

Section titled “Temporary Session”

Set variables for a single terminal session:

Terminal window
# Linux/macOS
export BB_USERNAME=myuser
export BB_API_TOKEN=ATBB_token


# Windows Command Prompt
set BB_USERNAME=myuser
set BB_API_TOKEN=ATBB_token


# Windows PowerShell
$env:BB_USERNAME = "myuser"
$env:BB_API_TOKEN = "ATBB_token"

Or inline with a single command:

Terminal window
BB_USERNAME=myuser BB_API_TOKEN=ATBB_token bb auth login && bb pr list -w workspace -r repo

Docker Usage

Section titled “Docker Usage”

Pass environment variables to containers:

Terminal window
docker run -e BB_USERNAME=myuser \
           -e BB_API_TOKEN=ATBB_token \
           your-image sh -lc "bb auth login && bb pr list -w workspace -r repo"

Or use an env file:

Terminal window
# .env.bb (not committed to git!)
BB_USERNAME=myuser
BB_API_TOKEN=ATBB_token
Terminal window
docker run --env-file .env.bb your-image sh -lc "bb auth login && bb pr list -w workspace -r repo"

CI/CD Examples

Section titled “CI/CD Examples”

GitHub Actions

Section titled “GitHub Actions”
name: PR Status
on: [push]


jobs:
  check-prs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4


      - name: Setup Bun
        uses: oven-sh/setup-bun@v1
        with:
          bun-version: latest


      - name: Install Bitbucket CLI
        run: npm install -g @pilatos/bitbucket-cli


      - name: List PRs
        env:
          BB_USERNAME: ${{ secrets.BB_USERNAME }}
          BB_API_TOKEN: ${{ secrets.BB_API_TOKEN }}
        run: |
          bb auth login
          bb pr list -w myworkspace -r myrepo --json

GitLab CI

Section titled “GitLab CI”
check-prs:
  image: oven/bun:latest
  variables:
    BB_USERNAME: $BB_USERNAME
    BB_API_TOKEN: $BB_API_TOKEN
  script:
    - npm install -g @pilatos/bitbucket-cli
    - bb auth login
    - bb pr list -w myworkspace -r myrepo --json

Bitbucket Pipelines

Section titled “Bitbucket Pipelines”
image: oven/bun:latest


pipelines:
  default:
    - step:
        name: Check PRs
        script:
          - npm install -g @pilatos/bitbucket-cli
          - bb auth login
          - bb pr list -w $BITBUCKET_WORKSPACE -r $BITBUCKET_REPO_SLUG --json

Security Best Practices

Section titled “Security Best Practices”

  1. Never commit tokens to git

    • Add .env* to your .gitignore
    • Use CI/CD secrets management

  2. Use minimal token scopes

    • Only grant permissions your script needs
    • Read-only tokens for read-only operations

  3. Rotate tokens regularly

    • Especially after team member departures
    • Use short-lived tokens when possible

  4. Use secrets managers in production

    • HashiCorp Vault
    • AWS Secrets Manager
    • Azure Key Vault

  5. Audit token usage

    • Review which tokens are active
    • Revoke unused tokens