diff --git a/.changeset/short-trains-roll.md b/.changeset/short-trains-roll.md
new file mode 100644
index 0000000000..709d534d57
--- /dev/null
+++ b/.changeset/short-trains-roll.md
@@ -0,0 +1,5 @@
+---
+'@backstage/plugin-scaffolder-backend': minor
+---
+
+User Bearer Authorization header at Git commands with token-based auth at Bitbucket Server.
diff --git a/plugins/scaffolder-backend/src/scaffolder/actions/builtin/publish/bitbucketServer.test.ts b/plugins/scaffolder-backend/src/scaffolder/actions/builtin/publish/bitbucketServer.test.ts
index 7d4eb9b6c5..06d3dfb735 100644
--- a/plugins/scaffolder-backend/src/scaffolder/actions/builtin/publish/bitbucketServer.test.ts
+++ b/plugins/scaffolder-backend/src/scaffolder/actions/builtin/publish/bitbucketServer.test.ts
@@ -357,7 +357,7 @@ describe('publish:bitbucketServer', () => {
       dir: mockContext.workspacePath,
       remoteUrl: 'https://bitbucket.mycompany.com/scm/project/repo',
       defaultBranch: 'master',
-      auth: { username: 'x-token-auth', password: 'thing' },
+      auth: { token: 'thing' },
       logger: mockContext.logger,
       gitAuthorInfo: {},
     });
@@ -455,7 +455,7 @@ describe('publish:bitbucketServer', () => {
       dir: mockContext.workspacePath,
       remoteUrl: 'https://bitbucket.mycompany.com/scm/project/repo',
       defaultBranch: 'main',
-      auth: { username: 'x-token-auth', password: 'thing' },
+      auth: { token: 'thing' },
       logger: mockContext.logger,
       gitAuthorInfo: {},
     });
@@ -524,7 +524,7 @@ describe('publish:bitbucketServer', () => {
     expect(initRepoAndPush).toHaveBeenCalledWith({
       dir: mockContext.workspacePath,
       remoteUrl: 'https://bitbucket.mycompany.com/scm/project/repo',
-      auth: { username: 'x-token-auth', password: 'thing' },
+      auth: { token: 'thing' },
       logger: mockContext.logger,
       defaultBranch: 'master',
       gitAuthorInfo: { name: 'Test', email: 'example@example.com' },
@@ -591,7 +591,7 @@ describe('publish:bitbucketServer', () => {
     expect(initRepoAndPush).toHaveBeenCalledWith({
       dir: mockContext.workspacePath,
       remoteUrl: 'https://bitbucket.mycompany.com/scm/project/repo',
-      auth: { username: 'x-token-auth', password: 'thing' },
+      auth: { token: 'thing' },
       logger: mockContext.logger,
       defaultBranch: 'master',
       commitMessage: 'Test commit message',
diff --git a/plugins/scaffolder-backend/src/scaffolder/actions/builtin/publish/bitbucketServer.ts b/plugins/scaffolder-backend/src/scaffolder/actions/builtin/publish/bitbucketServer.ts
index 10317766d4..712a17de70 100644
--- a/plugins/scaffolder-backend/src/scaffolder/actions/builtin/publish/bitbucketServer.ts
+++ b/plugins/scaffolder-backend/src/scaffolder/actions/builtin/publish/bitbucketServer.ts
@@ -221,7 +221,7 @@ export function createPublishBitbucketServerAction(options: {
       const authorization = reqOpts.headers.Authorization;
       if (!authorization) {
         throw new Error(
-          `Authorization has not been provided for ${integrationConfig.config.host}. Please add either (a) a user login auth token, (b) a token or (c) username + password to the integration config.`,
+          `Authorization has not been provided for ${integrationConfig.config.host}. Please add either (a) a user login auth token, or (b) a token or (c) username + password to the integration config.`,
         );
       }
 
@@ -243,8 +243,7 @@ export function createPublishBitbucketServerAction(options: {
 
       const auth = authConfig.token
         ? {
-            username: 'x-token-auth',
-            password: token!,
+            token: token!,
           }
         : {
             username: authConfig.username!,