Ideally you need to be creating new keys for each node. That's the whole point of key-based SSH authentication.
If a single server is compromised, you can just stop trusting that specific key, replace it, and move on.
Now, if you really wanted to do it the way you're suggesting, with a single key, then you will need to make sure that the private key is on each host. I'll leave this as an exercise for you to figure out how to do this.
Then you would configure ~/.ssh/config to specify the key you want to use when accessing that repository. You might want to do something like:
Your puppet config:

    # install git repo
    vcsrepo { "/home/repo":
      ensure   => present,
      provider => git,
      source   => "git@bitbucket:pk2klic/test.git",
    }
And ~/.ssh/config:

    Host bitbucket
      Hostname bitbucket.org
      IdentityFile ~/.ssh/id_rsa-bitbucket
      IdentitiesOnly yes
Note the change I've made to the git repo here. I'm using the alias bitbucket instead of the real hostname. The real hostname is set in the .ssh/config file. I'm assuming that you've put your shared private key in ~/.ssh/id_rsa-bitbucket.
This way if the user just pushes/pulls in that repo, it will use the specific key, but if they want to clone their own personal stuff from BitBucket they can just use the real git@bitbucket.org:example/example.git, and it will just use their personal SSH key (as it would normally).
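A check for the alias setup above, as an added example that is not part of the original answer: it resolves which options apply to a host name using ssh_config's first-value-wins rule and flags a missing `IdentitiesOnly yes` or a private key readable by other users. The `Host *` block in the sample, the function names and the sample file modes are assumptions made for illustration.

```python
import fnmatch
import stat

# Constructed sample: the answer's Host block followed by a catch-all block.
SAMPLE_CONFIG = """\
Host bitbucket
    Hostname bitbucket.org
    IdentityFile ~/.ssh/id_rsa-bitbucket
    IdentitiesOnly yes
Host *
    IdentityFile ~/.ssh/id_rsa
"""

def host_matches(patterns, host):
    # A Host line matches if a positive pattern matches and no negated ("!") one does.
    if any(fnmatch.fnmatchcase(host, p[1:]) for p in patterns if p.startswith("!")):
        return False
    return any(fnmatch.fnmatchcase(host, p) for p in patterns if not p.startswith("!"))

def resolve(config_text, host):
    # Effective options for host: first value obtained wins, IdentityFile accumulates.
    opts, active = {"identityfile": []}, True  # lines before any Host apply to all
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)  # "Key value" form only; "Key=value" not handled
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = host_matches(value.split(), host)
        elif active and key == "identityfile":
            opts["identityfile"].append(value)
        elif active:
            opts.setdefault(key, value)
    return opts

def audit(config_text, alias, key_mode):
    # key_mode is the st_mode of the private key file, e.g. os.stat(path).st_mode.
    opts, findings = resolve(config_text, alias), []
    if "hostname" not in opts:
        findings.append("no Hostname: alias does not map to the real server")
    if opts.get("identitiesonly", "no").lower() != "yes":
        findings.append("IdentitiesOnly is not yes: agent or default keys may be offered too")
    if not opts["identityfile"]:
        findings.append("no IdentityFile for this alias")
    if key_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("private key is accessible to group or other")
    return findings
```

Resolving `bitbucket.org` instead of the alias returns only the catch-all identity, which is why URLs using the real host name keep using the personal key.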