Rotate an access token for a repository

Access tokens are a secure way to authenticate with Bitbucket Cloud's APIs, enabling a seamless integration with repositories, workflows, or automation tools like CI/CD systems. Expiration dates provide an essential layer of control by limiting how long a token remains valid, but token rotation enhances this by offering a practical way to refresh a token’s secret and expiration date without needing to recreate it or redefine its scopes.

To rotate an access token associated with a repository:

1. At bitbucket.org, navigate to the repository in which the access token was created.

2. On the left sidebar, select Repository settings.

3. On the left sidebar, under Security, select Access tokens.

4. Find the access token you would like to rotate and select … (more options) in the Actions column to open the Actions dialog.

5. Select Rotate from the list of available actions.

6. Select the date picker and select an expiry date.

7. Select Rotate to create the new (rotated) access token.

8. Update any existing references to your access token to the new token.

The old token phases out quickly:

• Expired tokens: Rotation generates a fresh, active secret; the old one remains invalid.

• Tokens expiring in <=30 minutes: After rotation, the old token remains usable for any time remaining to help ease the transition to your newly rotated token.

• Tokens with >30 minutes left: To provide you with a buffer to update your tools but also to ensure the old token expires in a timely manner, the old token’s lifespan is reduced to 30 minutes.