Bitbucket is a popular cloud-based version control system that allows developers to collaborate and manage their code.

Using it is a useful skill for Salesforce developers who want to streamline their development process and ensure consistency across different environments.

Whether you are working on a sandbox, a developer org, or a production org, you can use Bitbucket to track your changes and deploy them easily and securely.

In this series of three blog posts, we will show you how to use Bitbucket with Salesforce to deploy changes from one org to another. So, let’s begin!

Features of Bitbucket that make it a great choice for Salesforce developers:

Bitbucket Pipelines:

  • Continuous integration and delivery with Docker containers.
  • Automates Salesforce code deployment to any environment.
  • Executes Apex tests, code coverage, and analysis.

Bitbucket Branch Permissions:

  • Grants control over branch access and modifications.
  • Sets permissions for users, groups, or roles.
  • Enforces rules like pull request requirements for enhanced code quality and security.

Bitbucket Pull Requests:

  • Collaborative code review and merging.
  • Creation and review from any branch to any branch.
  • Links to Jira issues, resolves conflicts, and ensures confident merging.

Bitbucket Code Insights:

  • Integrates third-party tools into pull requests.
  • Displays code quality, test results, security scans, and more.
  • Enhances visibility and feedback for code improvement.

Step-by-Step Guide to Creating a Bitbucket Account and Deploying in Salesforce Using a CI/CD Pipeline:

Step 1. Create an Account in BitBucket:

Go to Bitbucket.
Click on “Get Started It Free”, then click on Next.

Sign in by entering your email address or by using one of the other given methods.

Here we are signing in with Google. Select your Google account and click on Continue.

Enter a unique username, then click on Continue.

After creating an account in Bitbucket, you will get a Create a Workspace button. Click on it.

Enter a workspace name. Here I’m using My Work Space. The Workspace ID field will be filled in automatically. It should be unique.

Check the Keep this workspace private check box to make the workspace private.

Click on Create. After creating a workspace, you will get many options, like Repository, Project, etc.

Step 2. Create Project in BitBucket:

  • Click on Projects at the top, then click on the Create Project button.
  • Enter Salesforce Project as the name of the project. The Key field will be auto-populated according to the Name field.
  • Enter the description of the project.
  • Check the Private Project check box. Then click on the Create Project button.

Step 3: Create Repository in BitBucket:

  • After creating the project successfully, click on Repository and click on Create Repository.
  • For the project, select the Salesforce Project we just created.
  • Enter Bit Bucket Repo1 for Repository Name.
  • For Include a README? select Yes, with the tutorial.
  • For Default branch name, enter “Dev”. For Include .gitignore? select Yes.
  • Click on Create Repository.

Step 4: Create a pipeline in Bitbucket:

After creating the repository, click on Pipelines in the left sidebar.

Click on Two-step verification.

Step 1: Download a two-step verification app:

  • Download the “Twilio Authy” authenticator app on your mobile.
  • Create and verify the account in the “Twilio Authy” app.

After verifying the account you will get a + icon on the screen. Click on that + button on the “Twilio Authy” app.

Step 2: Scan the QR code:

  • Scan the QR code shown on the Two-step verification screen.
  • After scanning the QR code, click on Save.
  • After saving, the app will show a numeric code.

Step 3: Enter the resulting verification code:

  • Enter this code in the Enter the resulting verification code field on the Two-step verification screen.
  • Note: The code refreshes at a regular interval, so enter the current code in the Enter the resulting verification code field before it refreshes.
  • Click on Enable.
  • Bitbucket will send you an email. Open that email and click on Enable Two step verification.

Note: If, after you click on Enable Two step verification, the Two-step verification screen appears again and asks for a verification code, repeat step 3 or refresh the page.

After successfully enabling two-step verification, click on Repository again and click on “bitbucket-repo1”.

Click on Pipelines in the left sidebar. Then click on Create your first pipeline.

Click on the Select button under Starter pipeline. Then click on Commit file.

Step 5: Create Branches in Repository:

Click on Branches in the left sidebar. Then click on Create Branch.

For Branch Name, enter main and click on Create.

Create all of these branches by repeating the steps above:
sub_uat
main_uat
sub_main

After creating them, change the filter from Active branches to All branches, to the right of the Search branch field.

Step 6: Get an Enterprise edition trial org:

  • Here we are not using Dev orgs because we are going to run all local tests. In a Dev org, you might get an error when running all local tests. That is why we are using a fresh org.
  • Get an Enterprise edition org, or any org where we can create Apex classes and so on.
  • After clicking the above hyperlink, you will be redirected to a new page.
  • Scroll down until you see the Try for free button, and click on it.

Fill in all the necessary information and click on Start My Free Trial.

It takes a little time. When the org is ready, you will get an email to verify your email address and set the password.

Step 7: Check for OpenSSL:

  • First of all, check whether your system has OpenSSL.
  • Run the “openssl version” command in a terminal to check for OpenSSL.
  • It will return the OpenSSL version if OpenSSL exists on your system.

If it exists on your system, you can skip this step. If it does not exist, you can download it from here: Link

After clicking on the above link, scroll down to the “Download Win32/Win64 OpenSSL” section and, in the File column, click on Exe under “Win64 OpenSSL v3.2.0”.

Run the OpenSSL installer. Accept the user agreement, click Next, Next, Next, and Install.

Once the installation completes, the setup wizard will prompt you to finish the installation. Click Finish to complete the OpenSSL installation process.

To set the environment variable, open Run using ‘Windows’ + ‘r’, then type ‘sysdm.cpl’. Click OK, then go to Advanced > Environment Variable.

After clicking on Environment Variable, click on Path in the System variables section, then click on Edit.

Click on New and enter this path: C:\Program Files\OpenSSL-Win64\bin. Click on OK, OK, OK.

Now, to verify the installation, open a terminal and run the “openssl version” command. It will return the version of OpenSSL.

Step 8: Generate an OpenSSL Certificate:

Open a terminal (macOS and Linux) or command prompt (Windows).

Create a directory for storing the generated files, and change to the directory.

Open the created directory.

Generate a private key, and store it in a file called server.key.

Replace SomePassword with any password and remember it.

Generate a certificate signing request using the server.key file. Store the certificate signing request in a file called server.csr. Enter information about your company when prompted.

Generate a self-signed digital certificate from the server.key and server.csr files. Store the certificate in a file called server.crt.

You can find all of these files under the C:\JWT directory.
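Step 8 as a script, added here as an example and not taken from the original post: it produces server.key, server.csr and server.crt and then checks that the certificate really carries the key's public half. The function names, the subject fields, the 2048-bit RSA key size and the 365-day validity are assumptions, and the key is written directly without a password-protected intermediate.

```shell
#!/bin/sh
# Added example: generate server.key, server.csr and server.crt for the JWT flow.
set -eu

# make_jwt_cert <dir> [subject]  (hypothetical helper name)
# The default subject is a constructed placeholder; use your company's details.
make_jwt_cert() {
    dir=$1
    subj=${2:-/C=US/O=Example Corp/CN=bitbucket-jwt.example.com}
    mkdir -p "$dir"
    (
        cd "$dir"
        umask 077    # key material must not be readable by other users

        # 1. Private key (2048-bit RSA is an assumption, not a value from the post).
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out server.key 2>/dev/null

        # 2. Certificate signing request; -subj answers the prompts non-interactively.
        openssl req -new -key server.key -subj "$subj" -out server.csr

        # 3. Self-signed certificate, signed with the same key.
        openssl x509 -req -sha256 -days 365 -in server.csr \
            -signkey server.key -out server.crt 2>/dev/null

        chmod 600 server.key
    )
}

# cert_matches_key <dir>: succeeds only if server.crt carries server.key's public key.
cert_matches_key() {
    from_key=$(openssl pkey -in "$1/server.key" -pubout 2>/dev/null) || return 1
    from_crt=$(openssl x509 -in "$1/server.crt" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_crt" ]
}

# Demo in a throwaway directory; pass a real path (for example ./JWT) in practice.
demo_dir=$(mktemp -d)
make_jwt_cert "$demo_dir"
cert_matches_key "$demo_dir" && echo "certificate matches private key"
openssl x509 -in "$demo_dir/server.crt" -noout -subject -enddate
rm -rf "$demo_dir"
```

Only server.crt is uploaded to the connected app; server.key stays on the machine until it is encrypted for the pipeline.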

Step 9: Create a Connected App in Org:

Open the org you got from step 5.

From Setup, enter App Manager in the Quick Find box, then select App Manager.

In the top-right corner, click New Connected App.

Update the basic information as needed, such as the connected app name and your email address.

  • For Name, enter Bit Bucket App, and for email, add your email address.
  • Select Enable OAuth Settings.
  • For the callback URL, enter sfdc://oauth/jwt/success
  • Select Use digital signatures.

Click Choose File and upload the file that contains your digital certificate, such as server.crt from C:\JWT.

Add these OAuth scopes:

  • Manage user data via APIs (api)
  • Full access (full)
  • Perform requests at any time (refresh_token, offline_access)

Then complete the OAuth settings:

  • If enabled, disable Require Proof Key for Code Exchange (PKCE) Extension for Supported Authorization Flows.
  • Click Save, then Continue.
  • Click Manage Consumer Details.

If prompted, verify your identity by entering the verification code that was automatically sent to your email address.

Click Copy next to Consumer Key and keep it safe, because you need it later when you run an org login command. This is your Production Consumer Key.

Now click Manage, then click Edit Policies.
In the OAuth Policies section, select Admin approved users are pre-authorized for Permitted Users, and click OK. Then click on Save.

Click Manage Profiles, select the profiles that are pre-authorized to use this connected app, and click Save. Here I have selected System admin only.

Step 10: Create Dev and UAT sandboxes from org:

After successfully creating the connected app, search for Sandboxes in the Quick Find box. Click on Sandboxes.

  • Click on New Sandbox.
  • For Name, enter Dev, and in the Sandbox License section click on Next under Developer.
  • Leave the Apex field untouched and click on Create.

The sandbox creation process will start.

Click on New Sandbox again.

  • For Name, enter Uat, and in the Sandbox License section click on Next under Developer.
  • Leave the Apex field untouched and click on Create.

The sandbox creation process will start.

After the sandboxes are created, you will be notified by email. You can also check their status by navigating to Sandboxes from the Setup Quick Find box.

Step 11: Get Key, Iv (Initialization vector), and Encrypt the server.key for Uat and Prod Environments.

Because the generated server.key is a confidential key, we should avoid adding it directly to our project. To resolve this issue, we can generate a key and an Iv (initialization vector), encrypt our server.key with them, and then add the encrypted file to our project.

We have to generate 2 different encrypted versions of server.key and 2 pairs of key and Iv: one for Production and another for Uat.

If you have more destination environments, you have to create one more encrypted version of server.key and one more pair of key and Iv for each of them.

Here we are using two destination orgs (Production and UAT), so we are creating 2 different encrypted versions of server.key and 2 pairs of key and Iv.
(Note: server.key will be the same for both environments, but the encrypted version of server.key, the key, and the Iv will be different for each environment.)

For Production Environment:

First, generate a key and initialization vector (iv) to encrypt your server.key file locally. The key and iv are used by Bitbucket Pipelines to decrypt your server key in the build environment.

You will get the key and iv pair in the output. Keep these values safe. These are for the production environment.

Encrypt the server.key using the newly generated key and iv values. Use the key and iv values only once, and don’t use them to encrypt more than the server.key.

While you can re-use this pair to encrypt other things, it’s considered a security violation to do so. Every time you run the command above, a new key and iv value are generated. Don’t regenerate the same pair. If you lose these values, generate new ones and encrypt again. You can store these files in C:\JWT; we are also saving them in the same directory.

Replace <your_key_location/server.key> with the actual location of server.key and replace <location where you want to store it> with the location where you want to save this file.

  • Replace <key from above> and <iv from above> with the key and iv, respectively, that you got in the above step.

Store the key and iv values somewhere safe. You’ll use these values in a subsequent step in the Bitbucket Pipelines UI. These values are considered secret, so please treat them as such.

For Uat Environment:
Log in to the Uat Environment you created in step 9.

The username will be the same as in production; the only change is to add .uat after .com in your Production username. For example, if your Prod username is abc@force.com, your Uat username will be abc@force.com.uat

The password will be the same as in production if you have not changed it.

  • After logging in to the UAT environment, navigate to Setup > App Manager.
  • Find your connected app, click on its dropdown menu, and click on View.

From the API (Enable OAuth Settings) section, click on Manage Consumer Detail.

Enter the verification code and copy the Consumer Key and Consumer Secret.

This is your consumer key for the Uat environment. Keep these values; we are going to use them in further steps.

Now generate a key and initialization vector (iv) for the Uat Environment to encrypt your server.key file locally. The key and iv are used by Bitbucket Pipelines to decrypt your server key in the build environment.

You will get the key and iv pair in the output. Keep these values safe. These are for the UAT environment.

Encrypt the server.key using the newly generated key and iv values.

Note: Use the key and iv values only once, and don’t use them to encrypt more than the server.key. While you can re-use this pair to encrypt other things, it’s considered a security violation to do so. Every time you run the command above, a new key and iv value are generated. Don’t regenerate the same pair. If you lose these values, generate new ones and encrypt again.

You can store these files in C:\JWT, as we are saving them in the same directory.

Replace <your_key_location/server.key> with the actual location of the server.key and replace <location where you want to store it> with the location where you want to save this file.

  • Replace <key from above> and <iv from above> with the key and iv, respectively, that you got in the above step.

Store the key and iv values somewhere safe. You’ll use these values in a subsequent step in the Bitbucket Pipelines UI. These values are considered secret, so please treat them as such.
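The Production and Uat encryption steps above, as one added example that is not the original post's commands: each call draws a fresh key and iv with `openssl rand` (a choice made for this example), encrypts server.key with AES-256-CBC, and the demo confirms that the matching pair decrypts it again. The function names and the stand-in key file are constructed for illustration.

```shell
#!/bin/sh
# Added example: one key/iv pair and one encrypted copy of server.key per environment.
set -eu

# encrypt_server_key <server.key> <output.enc>  (hypothetical helper name)
# Prints "<key> <iv>" in hex on stdout. These two values are the secrets to store;
# only the .enc file goes into the project.
encrypt_server_key() {
    key=$(openssl rand -hex 32)    # fresh 256-bit AES key
    iv=$(openssl rand -hex 16)     # fresh 128-bit iv (one AES block)
    openssl enc -aes-256-cbc -nosalt -base64 -K "$key" -iv "$iv" -in "$1" -out "$2"
    printf '%s %s\n' "$key" "$iv"
}

# decrypt_server_key <input.enc> <key> <iv> <output>
# The inverse operation, as a build environment would run it with the stored values.
decrypt_server_key() {
    ( umask 077
      openssl enc -d -aes-256-cbc -nosalt -base64 -K "$2" -iv "$3" -in "$1" -out "$4" )
}

# Demo with a constructed stand-in for server.key in a throwaway directory.
work=$(mktemp -d)
printf 'constructed stand-in for server.key\n' > "$work/server.key"

prod=$(encrypt_server_key "$work/server.key" "$work/server.key.enc")     # Production
uat=$(encrypt_server_key "$work/server.key" "$work/server1.key.enc")     # Uat

# Each environment has its own pair, so the two encrypted files must differ.
if [ "$prod" = "$uat" ] || cmp -s "$work/server.key.enc" "$work/server1.key.enc"; then
    echo "environments share key material" >&2
    exit 1
fi

# Round trip for Uat: the matching pair recovers the original file.
set -- $uat
decrypt_server_key "$work/server1.key.enc" "$1" "$2" "$work/check.key"
cmp -s "$work/server.key" "$work/check.key" && echo "Uat round trip OK"
rm -rf "$work"
```

The .enc files are safe to add to the project only as long as the key and iv values stay out of it.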

Wrap-Up

In this blog, we have generated server.key.enc, a key, and an iv for Production, and server1.key.enc, a key, and an iv for the Uat Environment. Keep all files and keys safe, as we are going to use them in further steps. We will cover the next steps, component creation and deployment in Salesforce, in our next blogs. Stay tuned!
