Personal access token gitlab how to use

Personal access tokens (FREE)

Personal access tokens can be an alternative to OAuth2 and used to:

In both cases, you authenticate with a personal access token in place of your password.

Personal access tokens are:

NOTE: Though required, GitLab usernames are ignored when authenticating with a personal access token. There is an issue for tracking to make GitLab use the username.

For examples of how you can use a personal access token to authenticate with the API, see the API documentation.

Alternately, GitLab administrators can use the API to create impersonation tokens. Use impersonation tokens to automate authentication as a specific user.

Create a personal access token

You can create as many personal access tokens as you like.

Save the personal access token somewhere safe. After you leave the page, you no longer have access to the token.

Prefill personal access token name and scopes

You can link directly to the Personal Access Token page and have the form prefilled with a name and list of scopes. To do this, you can append a name parameter and a list of comma-separated scopes to the URL. For example:

WARNING: Personal access tokens must be treated carefully. Read our token security considerations for guidance on managing personal access tokens (for example, setting a short expiry and using minimal scopes).

Revoke a personal access token

At any time, you can revoke a personal access token.

View the last time a token was used

Token usage is updated once every 24 hours. It is updated each time the token is used to request API resources and the GraphQL API.

To view the last time a token was used:

Personal access token scopes

A personal access token can perform actions based on the assigned scopes.

When personal access tokens expire

Personal access tokens expire on the date you define, at midnight UTC.

Create a personal access token programmatically (FREE SELF)

You can create a predetermined personal access token as part of your tests or automation.

To create a personal access token programmatically:

Open a Rails console:

Run the following commands to reference the username, the token, and the scopes.

The token must be 20 characters long. The scopes must be valid and are visible in the source code.

For example, to create a token that belongs to a user with username automation-bot :

This code can be shortened into a single-line shell command by using the Rails runner:

Revoke a personal access token programmatically (FREE SELF)

You can programmatically revoke a personal access token as part of your tests or automation.

To revoke a token programmatically:

Open a Rails console:

This code can be shortened into a single-line shell command using the Rails runner:

Alternatives to personal access tokens

For Git over HTTPS, an alternative to personal access tokens is Git Credential Manager, which securely authenticates using OAuth.

Personal access token gitlab how to use

Personal access tokens (FREE)

Personal access tokens can be an alternative to OAuth2 and used to:

In both cases, you authenticate with a personal access token in place of your password.

Personal access tokens are:

NOTE: Though required, GitLab usernames are ignored when authenticating with a personal access token. There is an issue for tracking to make GitLab use the username.

For examples of how you can use a personal access token to authenticate with the API, see the API documentation.

Alternately, GitLab administrators can use the API to create impersonation tokens. Use impersonation tokens to automate authentication as a specific user.

Create a personal access token

You can create as many personal access tokens as you like.

Save the personal access token somewhere safe. After you leave the page, you no longer have access to the token.

Prefill personal access token name and scopes

You can link directly to the Personal Access Token page and have the form prefilled with a name and list of scopes. To do this, you can append a name parameter and a list of comma-separated scopes to the URL. For example:

WARNING: Personal access tokens must be treated carefully. Read our token security considerations for guidance on managing personal access tokens (for example, setting a short expiry and using minimal scopes).

Revoke a personal access token

At any time, you can revoke a personal access token.

View the last time a token was used

Token usage is updated once every 24 hours. It is updated each time the token is used to request API resources and the GraphQL API.

To view the last time a token was used:

Personal access token scopes

A personal access token can perform actions based on the assigned scopes.

When personal access tokens expire

Personal access tokens expire on the date you define, at midnight UTC.

Create a personal access token programmatically (FREE SELF)

You can create a predetermined personal access token as part of your tests or automation.

To create a personal access token programmatically:

Open a Rails console:

Run the following commands to reference the username, the token, and the scopes.

The token must be 20 characters long. The scopes must be valid and are visible in the source code.

For example, to create a token that belongs to a user with username automation-bot :

This code can be shortened into a single-line shell command by using the Rails runner:

Revoke a personal access token programmatically (FREE SELF)

You can programmatically revoke a personal access token as part of your tests or automation.

To revoke a token programmatically:

Open a Rails console:

This code can be shortened into a single-line shell command using the Rails runner:

Alternatives to personal access tokens

For Git over HTTPS, an alternative to personal access tokens is Git Credential Manager, which securely authenticates using OAuth.

Personal access tokens

If you’re unable to use OAuth2, you can use a personal access token to authenticate with the GitLab API. You can also use a personal access token with Git to authenticate over HTTP.

In both cases, you authenticate with a personal access token in place of your password.

Personal access tokens are required when Two-Factor Authentication (2FA) is enabled.

For examples of how you can use a personal access token to authenticate with the API, see the API documentation.

Alternately, GitLab administrators can use the API to create impersonation tokens. Use impersonation tokens to automate authentication as a specific user.

Create a personal access token

You can create as many personal access tokens as you like.

Save the personal access token somewhere safe. After you leave the page, you no longer have access to the token.

Prefill personal access token name and scopes

You can link directly to the Personal Access Token page and have the form prefilled with a name and list of scopes. To do this, you can append a name parameter and a list of comma-separated scopes to the URL. For example:

Revoke a personal access token

At any time, you can revoke a personal access token.

View the last time a token was used

Token usage is updated once every 24 hours. It is updated each time the token is used to request API resources and the GraphQL API.

To view the last time a token was used:

Personal access token scopes

A personal access token can perform actions based on the assigned scopes.

When personal access tokens expire

Personal access tokens expire on the date you define, at midnight UTC.

Create a personal access token programmatically (FREE SELF)

You can create a predetermined personal access token as part of your tests or automation.

To create a personal access token programmatically:

Open a Rails console:

Run the following commands to reference the username, the token, and the scopes.

The token must be 20 characters long. The scopes must be valid and are visible in the source code.

For example, to create a token that belongs to a user with username automation-bot :

This code can be shortened into a single-line shell command by using the Rails runner:

Revoke a personal access token programmatically (FREE SELF)

You can programmatically revoke a personal access token as part of your tests or automation.

To revoke a token programmatically:

Open a Rails console:

This code can be shortened into a single-line shell command using the Rails runner:

Using GitLab token to clone without authentication

Part of GitLab Collective

I want to clone GitLab repository without prompt for my automation script, by using my private token from my GitLab account.

Can someone provide me a sample?

I know I can do so with user and password:

and I know it is possible with ssh key

But, both options are insufficient.

15 Answers 15

Trending sort

Trending sort is based off of the default sorting method — by highest score — but it boosts votes that have happened recently, helping to surface more up-to-date answers.

It falls back to sorting by highest score if no posts are trending.

Switch to Trending sort

This is how you do it:

Answer recommended by GitLab

The gitlab has a lot of tokens:

I tested only the Personal Access Token using GitLab Community Edition 10.1.2, the example:

or using username and password:

or by input your password:

But the private token seems can not work.

You can do it like this:

needs to be replaced with the CI runner’s token, not the account’s private token.

Use the token instead of the password (the token needs to have «api» scope for clone to be allowed):

Tested against 11.0.0-ee.

If you already has a repository and just changed the way you do authentication to MFA, u can change your remote origin HTTP URI to use your new api token as follows:

And you wont need to re-clone the repository at all.

You can use the runners token for CI/CD Pipelines of your GitLab repo.

Where can be obtained from:

Screenshot of the runners token location:

One possible way is using a deploy token (https://docs.gitlab.com/ee/user/project/deploy_tokens). After creating the token, use:

as mentioned in the link above.

Inside a GitLab CI pipeline the CI_JOB_TOKEN environment variable works for me:

In 8.12 we improved build permissions. Being able to clone project using runners token it is no supported from now on (it was actually working by coincidence and was never a fully fledged feature, so we changed that in 8.12). You should use build token instead.

Many answers above are close, but they get

username syntax for deploy tokens incorrect. There are other types of tokens, but the deploy token is what gitlab offers (circa 2020+ at least) per repo to allow customized access, including read-only.

Tested on gitlab.com public, free account.

These days (Oct 2020) you can use just the following

Which will expand to something like:

Where the «token» password is ephemeral token (it will be automatically revoked after a build is complete).

I went SSH using the per project deploy keys setting (read only)

In my case, I just provided the token instead the password (second input field).

I pushed a local repo for the first time from the command line.

From the scratch, these are the commands I entered (remember to move inside the repo’s folder first).

Then, the pop-up message you can see in the picture comes up. Provided USERNAME and TOKEN.

There are a couple of important points:

Background: I got

when I tried to make Ansible + Gitlab + Docker work as I imagine it. Now it works.

Personal access tokens

In both cases, you authenticate with a personal access token in place of your password.

For examples of how you can use a personal access token to authenticate with the API, see the API documentation.

Alternately, GitLab administrators can use the API to create impersonation tokens. Use impersonation tokens to automate authentication as a specific user.

Create a personal access token

Save the personal access token somewhere safe. After you leave the page, you no longer have access to the token.

Prefill personal access token name and scopes

You can link directly to the Personal Access Token page and have the form prefilled with a name and list of scopes. To do this, you can append a name parameter and a list of comma-separated scopes to the URL. For example:

Revoke a personal access token

View the last time a token was used

Token usage is updated once every 24 hours. It is updated each time the token is used to request API resources and the GraphQL API.

Personal access token scopes

When personal access tokens expire

Create a personal access token programmatically

You can create a predetermined personal access token as part of your tests or automation.

To create a personal access token programmatically:

Open a Rails console:

Run the following commands to reference the username, the token, and the scopes.

The token must be 20 characters long. The scopes must be valid and are visible in the source code.

For example, to create a token that belongs to a user with username automation-bot :

This code can be shortened into a single-line shell command by using the Rails runner:

Revoke a personal access token programmatically

You can programmatically revoke a personal access token as part of your tests or automation.

To revoke a token programmatically:

Open a Rails console:

This code can be shortened into a single-line shell command using the Rails runner:

Alternatives to personal access tokens

For Git over HTTPS, an alternative to personal access tokens is Git Credential Manager, which securely authenticates using OAuth.

Help & feedback

Product

Feature availability and product trials

Get Help

If you didn’t find what you were looking for, search the docs.

If you want help with something specific and could use community support, post on the GitLab forum.

For problems setting up or using this feature (depending on your GitLab subscription).