Skip to content
Bitbucket CLI Bitbucket CLI

Environment Variables

Environment variables allow you to configure the CLI without storing credentials in files. This is especially useful for CI/CD pipelines and automation scripts.

Available Variables

Section titled “Available Variables”
VariableDescriptionExample
BB_USERNAMEYour Bitbucket username (fallback for bb auth login)myuser
BB_API_TOKENYour Bitbucket API token (fallback for bb auth login; forces API token auth when set)ATBB...
BB_WORKSPACEDefault workspace. Overrides config.defaultWorkspace; --workspace and git context still win.myworkspace
BB_LOCALEBCP-47 locale tag for date/time formatting. --locale takes precedence; falls back to LC_TIME/LC_ALL/LANG, then en-US.de-DE
BB_NO_UNICODEWhen set to any non-empty value, use ASCII fallbacks for separators, arrows, and status icons. Equivalent to the global --no-unicode flag.1
NO_COLORDisable color output globally when set to any value1
FORCE_COLORForce-enable color output globally (any value except 0)1
DEBUGEnable HTTP debug logging (request method, URL, status, response body for every API call). Must equal the literal string true.true

Internal / System Variables

Section titled “Internal / System Variables”

These variables are read by the CLI but are normally set by the runtime, your shell, or your operating system rather than by you. They are documented here so they aren’t surprising during troubleshooting.

VariableSet ByDescription
NODE_ENVTest runnersWhen set to test, the CLI suppresses process.exitCode = 1 on errors so a single failing test cannot cascade into later tests. Don’t set this in production.
COMP_LINEtabtab / your shellSet automatically while shell completion is being computed (bb completion). Its presence triggers the completion path; you should not set it manually.
APPDATAWindowsUsed to locate the config file at %APPDATA%\bb\config.json on Windows. The CLI falls back to %USERPROFILE%\AppData\Roaming\bb\config.json if it isn’t set.

Configuration Priority

Section titled “Configuration Priority”

Repository context is resolved in this order (highest priority first):

  1. Command-line flags (--workspace, --repo)
  2. Git repository context (detected from remote URL)
  3. BB_WORKSPACE environment variable
  4. Configuration file (defaultWorkspace)

Authentication credentials are resolved from:

  1. Configuration file (~/.config/bb/config.json on macOS/Linux, %APPDATA%\bb\config.json on Windows)
  2. Environment variables (BB_USERNAME, BB_API_TOKEN) when running bb auth login — setting BB_API_TOKEN automatically uses API token auth instead of OAuth

For color output, precedence is:

  1. --color (force color on — only available on bb pr diff, not a global flag)
  2. FORCE_COLOR
  3. --no-color (global flag, available on all commands)
  4. NO_COLOR

Authentication with Environment Variables

Section titled “Authentication with Environment Variables”

Login from Environment Variables

Section titled “Login from Environment Variables”

When environment variables are set, bb auth login uses them automatically:

Terminal window
export BB_USERNAME=myuser
export BB_API_TOKEN=ATBB_your_token_here


bb auth login  # Uses env vars, no prompts

Non-Interactive Usage

Section titled “Non-Interactive Usage”

For scripts and CI/CD, set both variables before running commands:

Terminal window
export BB_USERNAME=myuser
export BB_API_TOKEN=ATBB_your_token_here


bb auth login
bb pr list -w myworkspace -r myrepo

Shell Configuration

Section titled “Shell Configuration”

Bash

Section titled “Bash”

Add to ~/.bashrc or ~/.bash_profile:

Terminal window
export BB_USERNAME="your-username"
export BB_API_TOKEN="your-api-token"

Then reload:

Terminal window
source ~/.bashrc

Zsh

Section titled “Zsh”

Add to ~/.zshrc:

Terminal window
export BB_USERNAME="your-username"
export BB_API_TOKEN="your-api-token"

Then reload:

Terminal window
source ~/.zshrc

Fish

Section titled “Fish”

Add to ~/.config/fish/config.fish:

Terminal window
set -gx BB_USERNAME "your-username"
set -gx BB_API_TOKEN "your-api-token"

Then reload:

Terminal window
source ~/.config/fish/config.fish

PowerShell

Section titled “PowerShell”

Add to your PowerShell profile ($PROFILE):

Terminal window
$env:BB_USERNAME = "your-username"
$env:BB_API_TOKEN = "your-api-token"

Temporary Session

Section titled “Temporary Session”

Set variables for a single terminal session:

Terminal window
# Linux/macOS
export BB_USERNAME=myuser
export BB_API_TOKEN=ATBB_token


# Windows Command Prompt
set BB_USERNAME=myuser
set BB_API_TOKEN=ATBB_token


# Windows PowerShell
$env:BB_USERNAME = "myuser"
$env:BB_API_TOKEN = "ATBB_token"

Or inline with a single command:

Terminal window
BB_USERNAME=myuser BB_API_TOKEN=ATBB_token bb auth login && bb pr list -w workspace -r repo

Docker Usage

Section titled “Docker Usage”

Pass environment variables to containers:

Terminal window
docker run -e BB_USERNAME=myuser \
           -e BB_API_TOKEN=ATBB_token \
           your-image sh -lc "bb auth login && bb pr list -w workspace -r repo"

Or use an env file:

Terminal window
# .env.bb (not committed to git!)
BB_USERNAME=myuser
BB_API_TOKEN=ATBB_token
Terminal window
docker run --env-file .env.bb your-image sh -lc "bb auth login && bb pr list -w workspace -r repo"

CI/CD Examples

Section titled “CI/CD Examples”

GitHub Actions

Section titled “GitHub Actions”
name: PR Status
on: [push]


jobs:
  check-prs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4


      - name: Setup Bun
        uses: oven-sh/setup-bun@v1
        with:
          bun-version: latest


      - name: Install Bitbucket CLI
        run: npm install -g @pilatos/bitbucket-cli


      - name: List PRs
        env:
          BB_USERNAME: ${{ secrets.BB_USERNAME }}
          BB_API_TOKEN: ${{ secrets.BB_API_TOKEN }}
        run: |
          bb auth login
          bb pr list -w myworkspace -r myrepo --json

GitLab CI

Section titled “GitLab CI”
check-prs:
  image: oven/bun:latest
  variables:
    BB_USERNAME: $BB_USERNAME
    BB_API_TOKEN: $BB_API_TOKEN
  script:
    - npm install -g @pilatos/bitbucket-cli
    - bb auth login
    - bb pr list -w myworkspace -r myrepo --json

Bitbucket Pipelines

Section titled “Bitbucket Pipelines”
image: oven/bun:latest


pipelines:
  default:
    - step:
        name: Check PRs
        script:
          - npm install -g @pilatos/bitbucket-cli
          - bb auth login
          - bb pr list -w $BITBUCKET_WORKSPACE -r $BITBUCKET_REPO_SLUG --json

Security Best Practices

Section titled “Security Best Practices”

  1. Never commit tokens to git

    • Add .env* to your .gitignore
    • Use CI/CD secrets management

  2. Use minimal token scopes

    • Only grant permissions your script needs
    • Read-only tokens for read-only operations

  3. Rotate tokens regularly

    • Especially after team member departures
    • Use short-lived tokens when possible

  4. Use secrets managers in production

    • HashiCorp Vault
    • AWS Secrets Manager
    • Azure Key Vault

  5. Audit token usage

    • Review which tokens are active
    • Revoke unused tokens