Access tokens are a secure way to authenticate with Bitbucket Cloud's APIs, enabling a seamless integration with repositories, workflows, or automation tools like CI/CD systems. Expiration dates provide an essential layer of control by limiting how long a token remains valid, but token rotation enhances this by offering a practical way to refresh a token’s secret and expiration date without needing to recreate it or redefine its scopes.

To rotate an access token associated with a workspace:

1. Atbitbucket.org, navigate to the workspace in which the access token was created.

2. Select theSettingscog on the top navigation bar.

3. SelectWorkspace settingsfrom theSettingsdropdown menu.

4. On the left sidebar, underSecurity, selectAccess tokens.

5. Find the access token you would like to rotate and select… (more options)in theActionscolumn to open the Actions dialog.

6. SelectRotatefrom the list of available actions.

7. Select the date picker and select an expiry date.

8. SelectRotateto create the new (rotated) access token.

9. Update any existing references to your access token to the new token.

The old token phases out quickly:

• Expired tokens: Rotation generates a fresh, active secret; the old one remains invalid.

• Tokens expiring in <=30 minutes: After rotation, the old token remains usable for any time remaining to help ease the transition to your newly rotated token.

• Tokens with >30 minutes left: To provide you with a buffer to update your tools but also to ensure the old token expires in a timely manner, the old token’s lifespan is reduced to 30 minutes.