Repository Access

Wercker needs to be able to check out code from your Git provider (GitHub, Bitbucket, or GitLab). This article describes how Wercker retrieves the code and how to set up repository access.

Private Repositories

For private repositories, Wercker uses an SSH private-public key pair to check out code.

When an application is created in Wercker that's based on a private repository, a public SSH key is added to the repository as a deploy key to authorize access to the repository. A deploy key is an SSH key that is associated with a single repository.

Wercker then uses the private SSH key to check out code.

For more information about deploy keys, see the documentation from your source control provider:

Note that it's only possible to add an SSH key to a single repository. If you have a repository that uses private submodules, see Using Git Submodules.

Public repositories

For public repositories, it's recommended that you do not add a deploy key. Instead, specify that the application is public when you create it, or set the application's Privacy property to Public on the application's Options page.


If you created your application after September 4th, 2014, then you can skip this section. However, if you created your application before September 4th 2014, then you need to migrate to the new flow. This is also applicable to public repositories that never added werckerbot.

You need to go to the settings page of your application; here you can find the repository access section. This wizard will migrate you from using werckerbot to using an SSH key pair. Read the above sections to see which method you can select. The wizard is similar to the add application flow presented in this section.

Once you’ve changed the key, you should remove werckerbot from your organization teams or the access management sections.

We’re keeping werckerbot around till 01-01-2015. After this date we will remove werckerbot. So make sure you migrate before that time to prevent any downtime.