codetomake.com

Project access tokens | GitLab

2024.12.12 20:59



Docs What's new? Get free trial Tutorials Find your way around GitLab Tutorial: Use the left sidebar to navigate GitLab Learn Git Plan and track your work Build your application Secure your application Manage your infrastructure Extend with GitLab Find more tutorials Subscribe GitLab plans Troubleshooting GitLab.com Compute minutes Free user limit Free push limit Read-only namespaces Storage GitLab self-managed Activate Enterprise Edition GitLab Dedicated GitLab Dedicated for Government Data residency and high availability Maintenance GitLab Duo add-ons Community programs Customers Portal Quarterly reconciliation Compute quota Features available to Starter and Bronze subscribers Install Requirements PostgreSQL extensions Installation methods Linux package (Omnibus) Architecture Omnibus packages and images Package information Package defaults Package licensing Package signatures PostgreSQL versions Installation Deprecation policy Supported OSes Install JiHu Edition Configure Action Cable Backups Configuration options Custom environment variables Database GitLab Mattermost High availability roles Logs Microsoft Graph Mailer NGINX Troubleshooting Gitaly Cluster Prometheus Puma Raspberry Pi Redis SMTP Rake tasks SSL Upgrading to OpenSSL 3 Troubleshooting DNS Image scaling Memory-constrained environments Release process Maintain Troubleshooting Helm chart (Kubernetes) Install Verify CNG images Test the GitLab chart on GKE or EKS Install prerequisites Chart versions Provenance Secrets RBAC Storage TLS Set up cloud resources Azure Kubernetes Service Amazon EKS Google Kubernetes Engine OpenShift Origin Oracle Container Engine for Kubernetes Deploy the Helm chart Deployment options Configure Globals certmanager-issuer chart GitLab subcharts Gitaly chart GitLab Exporter chart GitLab Pages chart GitLab Runner chart GitLab Shell chart KAS chart Mailroom chart Migrations chart Praefect chart Sidekiq chart Spamcheck chart Toolbox chart Webservice chart HAProxy chart Minio chart NGINX chart NGINX chart fork Registry chart Metadata database Traefik chart Zoekt chart shared-secrets job Advanced Custom Docker images External database Set up external PostgreSQL database External Gitaly Set up external Gitaly External GitLab Pages External Mattermost External Nginx External object storage Configure MinIO Configure Workload Identity Federation Configure Azure MinIO gateway Configure IAM roles for AWS External Redis Set up external Redis FIPS-compliant images Geo Internal TLS between services Multiple databases Persistent volumes Red Hat UBI-based images Upgrade Database upgrade Release notes 8.0 Release notes 7.0 Release notes 6.0 Backup and Restore Backup Restore Migration guides Migrate from the Linux package Migrate to the Linux package Migrate between Helm versions Migrate to MinIO Uninstall Troubleshooting Operator (Kubernetes) Install Backup and restore Upgrade GitLab Support for Git over SSH Upgrade the Operator Ingress in OpenShift OpenShift support RedHat-certified images Security context constraints Troubleshooting Docker Installation Configuration Backup Upgrade Troubleshooting Self-compiled (source) Install under a relative URL Cloud providers Azure Google Cloud Platform (GCP) Amazon Web Services (AWS) Offline GitLab Offline GitLab installation Reference architectures Up to 20 RPS or 1,000 users Tutorial: Install and secure a single node GitLab instance Up to 40 RPS or 2,000 users Up to 60 RPS or 3,000 users Up to 100 RPS or 5,000 users Up to 200 RPS or 10,000 users Up to 500 RPS or 25,000 users Up to 1,000 RPS or 50,000 users Steps after installing Upgrade GitLab Plan an upgrade Upgrade paths Background migrations Troubleshooting Upgrade a Linux package instance Convert to Linux package (Omnibus) Convert to Enterprise Edition Package signatures Downgrade Troubleshooting Upgrade a self-compiled instance Patch versions Change from Community Edition to Enterprise Edition GitLab 17 changes GitLab 16 changes GitLab 15 changes Zero-downtime upgrades for multi-node instances Upgrades with downtime for multi-node instances Change from Enterprise Edition to Community Edition Releases and maintenance Deprecations by version Breaking change deployments on GitLab.com Terminology What's new Install GitLab Runner Linux Linux manual install FreeBSD macOS Windows Docker Helm chart Configure Troubleshooting GitLab agent Operator Bleeding edge releases Support policy Configure GitLab Runner Advanced configuration Autoscale configuration Docker Machine Executor autoscale Autoscale on AWS EC2 Autoscale on AWS Fargate Commands Feature flags macOS setup Runner Operator on OpenShift Running behind a proxy Rate limited requests Graphical processing units Self-signed certificates System services Speed up job execution Tutorial: Configure GitLab Runner to use the Google Kubernetes Engine Troubleshooting Administer Getting started All feature flags Enable features behind feature flags Authentication and authorization ClickHouse LDAP LDAP synchronization LDAP (Google Secure) Rake tasks Troubleshooting OAuth service provider OmniAuth AliCloud Atlassian Atlassian Crowd (deprecated) Auth0 AWS Cognito Azure Bitbucket Cloud Generic OAuth2 GitHub GitLab.com Google JWT Kerberos Troubleshooting OpenID Connect OmniAuth Salesforce SAML Configure SCIM Shibboleth OpenID Connect identity Smartcard Test OIDC/OAuth in GitLab Vault Configure GitLab Admin area Application cache interval Compliance Audit events administration Audit event streaming for instances CI/CD Compute minutes Job artifacts Troubleshooting Job logs Secure files External pipeline validation Maintenance console commands ClickHouse for analytics Consul Cron Custom HTML header tags Environment variables File hooks Geo sites Git LFS administration Git protocol v2 Health Check Incoming email Rake tasks Instance limits Instance review Log system Parse logs with jq Trace logs based on correlation ID Merge request approvals PostgreSQL Database load balancing External database service Monitor external databases Move instances Multiple databases PgBouncer Replication and failover Troubleshooting Standalone packaged database Upgrade external database Upgrading operating systems for PostgreSQL Labels Load balancer NFS Postfix Redis Configure the bundled Redis for replication Configure your own Redis for replication Standalone Redis configuration Troubleshooting Reply by email Sidekiq Multiple Sidekiq processes Processing specific job classes Sidekiq MemoryKiller Sidekiq health check Sidekiq job migration Sidekiq job size limits Troubleshooting S/MIME signing Repository storage Gitaly and Geo capabilities Gitaly and Gitaly Cluster Configure Gitaly Concurrency limiting Timeouts TLS support Repository consistency checks Configure Gitaly Cluster Gitaly on Kubernetes Bundle URIs Example configuration files Monitoring Recovery options Troubleshooting Gitaly Troubleshooting Gitaly Cluster Praefect Rake tasks Object storage Merge request diffs storage Static objects external storage Geo Setting up Geo Set up Geo for multiple nodes Database replication External PostgreSQL instances Set up Geo for two single-node sites Set up Geo for two single-node sites (with external PostgreSQL services) Configuration Using a Geo site Secondary proxying Secondary runners Selective synchronization Upgrading Geo sites Using object storage Container registry for a secondary site Geo security review Location-aware Git remote URLs Single Sign On (SSO) Tuning Geo Pausing and resuming replication Rake tasks Disable Geo Removing a Geo site Supported data types Frequently asked questions Troubleshooting Common errors Client and HTTP response code errors PostgreSQL replication errors Synchronization and verification errors Validation tests Geo Glossary Disaster recovery (Geo) Planned failover Bring primary back Automatic background verification Troubleshooting Agent server for Kubernetes Server hooks Terraform state Terraform limits Timezone Uploads Uploads migration Rake tasks Uploads sanitization Rake tasks Packages Container registry Troubleshooting Container registry metadata database Dependency Proxy Web terminals Wikis Invalidate Markdown cache Issue closing pattern Snippets Host the product documentation Self-hosted models Configuration types and authentication Supported models and hardware requirements Supported LLM serving platforms Set up self-hosted models Install the GitLab AI gateway Logging Troubleshooting Update your settings Account and limit settings Appearance CI/CD Custom instance-level project templates Diff limits Email External authorization Federated Learning of Cohorts (FLoC) GitLab for Jira Cloud app Troubleshooting GitLab for Slack app GitLab Pages GitLab Pages for source installations Troubleshooting Import and export settings Instance template repository IP address restrictions Localization Maintenance Mode Polling interval multiplier Project integrations Protected paths Public security contact information Push event activities limit Repository checks Security and Compliance Sign-in and help page text Sign-in restrictions Sign-up restrictions Spamcheck System Hooks Terms of service and privacy policy Third-party offers Visibility and access controls Maintain GitLab Housekeeping Clean up with Rake tasks Maintenance Rake tasks Integrity check Rake task Access token Rake tasks Activate GitLab EE with license Import and export large projects Troubleshooting Fast SSH key lookup Filesystem benchmarking gitlab-sshd Rails console Use SSH certificates Enable encrypted configuration Rake tasks Backup and restore Back up GitLab Backup archive process Back up and restore large reference architectures Troubleshooting Restore GitLab Migrate to a new server Inactive project deletion Move repositories Silent mode Read-only state Restart GitLab Troubleshooting Apps for a testing environment Diagnostics tools GitLab Rails console cheat sheet Linux cheat sheet PostgreSQL Monitor GitLab Performance monitoring Prometheus Configure Grafana Performance bar GitHub imports GitLab exporter GitLab Prometheus metrics IP allowlist endpoints Node exporter PGBouncer exporter PostgreSQL server exporter Redis exporter Registry exporter Usage statistics Web exporter Secure GitLab Limits on SSH keys Rate limits Deprecated API Git HTTP Git LFS Git SSH operations Git abuse Import and export Incident management Issue creation Note creation Organizations API Package registry Pipeline creation Projects API Raw endpoints Repository files API User and IP Groups API Members API Users API Filtering outbound requests Information exclusivity Manage the CRIME vulnerability Enforce two-factor authentication (2FA) Identity verification Account email verification Make new users confirm email Runners Proxying assets TLS support Token overview Troubleshooting Rotate secrets of third-party integrations Respond to security incidents Hardening General concepts Application recommendations CI/CD recommendations Configuration recommendations Operating system recommendations NIST 800-53 compliance Administer users Create users Reset user passwords Locked user accounts User file uploads Configure the Libravatar service Auditor users External users Guest users Internal users Modify global user settings Moderate users Review abuse reports Review spam logs User cohorts Broadcast messages Email from GitLab User management Rake tasks Password storage Credentials inventory Custom password length limits Generated passwords and integrated authentication GitLab Dedicated Create your GitLab Dedicated instance Maintenance and release schedule Configure your GitLab Dedicated instance View GitLab Dedicated instance details Hosted runners for GitLab Dedicated Use GitLab Manage your organization Tutorial: Set up your organization Namespaces Members Organization Groups Manage groups Group access and permissions Credentials inventory for GitLab.com Manage group SSH certificates Moderate users Custom group-level project templates Group access tokens SAML Group Sync SAML SSO for GitLab.com groups Configure SCIM Troubleshooting Example group SAML and SCIM configurations Troubleshooting Subgroups Tutorial: Move a personal project to a group Tutorial: Convert a personal namespace into a group Git abuse rate limit Troubleshooting Sharing projects and groups Compliance Audit events Audit event types Audit event schema Audit event streaming for top-level groups Compliance frameworks Compliance center Compliance standards adherence dashboard Compliance violations report Chain of custody report Compliance frameworks report Compliance projects report Compliance pipelines (deprecated) Tutorial: Create a compliance pipeline (deprecated) License scanning of CycloneDX files License approval policies SPDX license list import Enterprise users Service accounts User account options Active sessions Comment templates Contributions calendar Achievements Roles and permissions Custom roles Custom permissions Personal access tokens Profile preferences Notification emails User passwords Two-factor authentication Troubleshooting Report abuse Delete account SSH keys Troubleshooting GitLab.com settings Organize work with projects Getting started Create a project Manage projects Project visibility Project settings Description templates Project access tokens Deploy keys Deploy tokens Share projects Reserved project and group names Search Advanced search Exact code search Command palette Badges Project topics Code intelligence Import and migrate Bitbucket Cloud Bitbucket Server ClearCase CVS FogBugz Gitea GitHub Troubleshooting GitLab (direct transfer) Migrate groups and projects Migrated items Troubleshooting GitLab (file export) Troubleshooting Jira Jira migration options Perforce Helix Repo by manifest file Repo by URL TFVC System notes Transfer a project to another namespace Use a project as a Go package Tutorial: Build a protected workflow for your project Troubleshooting Plan and track work Getting started Tutorial: Use GitLab for Scrum Stand-ups, retrospectives, and velocity Tutorial: Use GitLab for Kanban Labels Iterations Tutorial: Use GitLab to run an Agile iteration Milestones Burndown and burnup charts Issues Create issues Manage issues Confidential issues Crosslinking issues CSV export CSV import Design management Due dates Emoji reactions Tutorial: Set up a project for issue triage Tutorial: Set up a project for idea management Multiple assignees Linked issues Service Desk Configure Service Desk Use Service Desk External participants Rake tasks Sorting and ordering issue lists Weight Zoom meetings in issues Issue boards Tutorial: Set up issue boards for team hand-off Comments and threads Tasks Requirements Time tracking Customer relations (CRM) Wikis Group wikis Epics Manage epics Linked epics Epic boards Test a new look for epics Roadmaps Objectives and key results (OKR) Keyboard shortcuts Quick actions Autocomplete characters Markdown AsciiDoc Rich text editor To-Do List GitLab Query Language (GLQL) Use Git Getting started Install Git Common Git commands Tutorial: Create your first commit Basic operations Create a project Clone a repository Create a branch Stage, commit, and push changes Tutorial: Update Git commit messages Stash changes Add files to your branch Merge your branch Update a fork Advanced operations Rebase and resolve conflicts Cherry-pick changes Revert and undo changes Reduce repository size File management Tutorial: Update Git remote URLs Troubleshooting Manage your code Getting started Repositories Branches Branch rules Default branch Protected branches Forks File management Web Editor File History File Blame Syntax highlighting Explain code CSV files GeoJSON files Jupyter notebook files Git attributes Git LFS Troubleshooting Locked files Repository size Tags Protected tags Code owners Syntax and errors Troubleshooting Mirroring Pull mirroring Push mirroring Bidirectional mirroring Troubleshooting Changelogs Snippets Push rules Signed commits GPG keys SSH keys X.509 certificates X.509 signatures Rake task GitLab UI commits Managing monorepos Observability Troubleshooting Machine learning model experiments Model registry Merge requests Commits Commit message templates Changes Create merge requests Draft merge requests Confidential merge requests Merge request dependencies Reviewing and managing merge requests Merge request widgets External status checks Suggestions GitLab Duo in merge requests Approvals Approval rules Approval settings Versions Manage merge requests Tutorial: Review a merge request Workflows Merge methods Squash and merge Auto-merge Collaborate across forks Merge conflicts Cherry pick changes Reverting changes Stacked diffs Export merge requests to CSV Troubleshooting Remote development Web IDE Workspaces Workspace configuration GitLab agent configuration Tutorial: Set up the GitLab agent for workspaces Tutorial: Set up the GitLab workspaces proxy Tutorial: Create a custom workspace image that supports arbitrary user IDs Use CI/CD to build your application Getting started Tutorial: Your first pipeline Tutorial: A complex pipeline CI/CD examples Deployment with Dpl End-to-end testing NPM with semantic-release PHP with PHPunit and atoum PHP with NPM and SCP PHP with Laravel and Envoy CI/CD YAML syntax reference Optimize your YAML files Validate syntax Pipeline editor Artifacts reports Include examples Inputs Needs Workflow examples Steps Tutorial: Set up CI/CD steps Runners Tutorial: Create, register, and run your own project runner Tutorial: Automate runner creation and registration GitLab-hosted runners Linux GPU macOS Windows Manage runners Register a runner Migrate to the new runner registration workflow Runner executors Custom libvirt LXD Docker Docker Machine Docker Autoscaler Instance Kubernetes Use Podman with GitLab Runner on Kubernetes Troubleshooting Shell Supported shells SSH Parallels VirtualBox Configure runners Monitor runner performance Long polling Scale a fleet of runners Fleeting library Runner fleet dashboard Runner fleet dashboard for groups Runner fleet configuration and best practices Design and configure a GitLab Runner fleet on Google Kubernetes Engine Pipelines Types of pipelines Merge request pipelines Troubleshooting Merged results pipelines Merge trains Scheduled pipelines Trigger a pipeline Customize pipeline configuration Pipeline architectures Pipeline efficiency Pipeline resource groups Downstream pipelines Troubleshooting Jobs Control how jobs run Specify when jobs run with rules Troubleshooting Format scripts and job logs Caching Artifacts Troubleshooting SSH keys Mobile DevOps Docker Run CI/CD jobs in Docker containers Use Docker to build Docker images Authenticate with registry Docker Layer Caching Use kaniko to build Docker images Tutorial: Use Buildah in a rootless container on OpenShift Services MySQL service PostgreSQL service Redis service GitLab as a service Git submodules Access a terminal for a running job CI/CD job logs CI/CD components CI/CD component examples Variables Predefined CI/CD variables Where variables can be used Pipeline security CI/CD job token External secrets ID token authentication Secure Files Use Azure Key Vault secrets in GitLab CI/CD Use GCP Secret Manager secrets in GitLab CI/CD Use HashiCorp Vault secrets in GitLab CI/CD Tutorial: Use Fortanix Data Security Manager (DSM) with GitLab Use Sigstore for keyless signing Connect to cloud services Configure OpenID Connect in AWS Configure OpenID Connect in Azure Configure OpenID Connect with Google Cloud Tutorial: Update HashiCorp Vault configuration to use ID Tokens Debugging Auto DevOps Requirements Stages Customize CI/CD variables Multiple Kubernetes clusters Canary deployments Upgrade PostgreSQL Prepare for deployment Upgrade Auto Deploy dependencies Deploy to GKE Deploy to EKS Deploy to ECS Deploy to EC2 Troubleshooting Testing Accessibility testing Browser performance testing Code coverage Code quality CodeClimate-based scanning (deprecated) Troubleshooting Fail fast testing Load performance testing Metrics reports Test cases Test coverage visualization Cobertura Coverage Reports JaCoCo Coverage Reports Unit test reports Unit test report examples Google Cloud integration Google IAM Google Artifact Management Provisioning runners Tutorial: Set up the Google Cloud integration Tutorial: Create a GitLab pipeline to push to Google Artifact Registry Tutorial: Create and deploy a web service with the Google Cloud Run component Migrate to GitLab CI/CD Migrate from Bamboo Migrate from CircleCI Migrate from GitHub Actions Migrate from Jenkins Migrate a Maven build from Jenkins Migrate from TeamCity External repository integrations Bitbucket Cloud GitHub Secure your application Getting started Application security Troubleshooting Security configuration Container Scanning Tutorial: Scan a Docker container for vulnerabilities Dependency Scanning Analyze dependency behavior Dependency scanning by using SBOM Tutorial: Set up dependency scanning Troubleshooting Comparison: Dependency Scanning and Container Scanning Dependency List Tutorial: Export dependency list Continuous Vulnerability Scanning Static Application Security Testing (SAST) GitLab Advanced SAST CWE coverage SAST rules Evaluate SAST Customize rulesets SAST analyzers Troubleshooting Infrastructure as Code (IaC) Scanning Secret detection Detected secrets Exclusions Pipeline secret detection Automatic response to leaked secrets Custom rulesets schema Secret push protection Tutorial: Protect your project with secret push protection Tutorial: Remove a secret from your commits Client-side secret detection Dynamic Application Security Testing (DAST) DAST Configuration Requirements Enabling the analyzer Customizing analyzer settings Overriding analyzer jobs Available CI/CD variables Authentication Offline configuration Vulnerability checks Troubleshooting Migrating from the DAST version 4 browser-based analyzer to DAST version 5 Migrating from the DAST proxy-based analyzer to DAST version 5 API security testing Configuration Requirements Enabling the analyzer Customizing analyzer settings Overriding analyzer jobs Available CI/CD variables Offline configuration Vulnerability checks Performance Troubleshooting DAST on-demand scan API Security API Discovery Web API Fuzz Testing Configuration Requirements Enabling the analyzer Customizing analyzer settings Overriding analyzer jobs Available CI/CD variables Offline configuration HTTP Archive format Performance Troubleshooting Coverage-guided fuzz testing Tutorial: Perform fuzz testing in GitLab Security dashboard Offline environments Vulnerability Report View vulnerabilities in a pipeline Vulnerability Page Vulnerability severity levels Vulnerability risk assessment data GitLab Advisory Database CVE ID requests Policies Scan execution policies Tutorial: Set up a scan execution policy Merge request approval policies Tutorial: Set up a merge request approval policy Pipeline execution policy Vulnerability management policy Policy schema Security scanner integration Security glossary Deploy and release your application Getting started Packages & Registries Package registry Supported package managers Supported functionality Composer Conan Debian Go Proxy Helm Maven npm NuGet PyPI Ruby gems Yarn Generic Dependency proxy for packages Store all packages in one project Monorepo workflows Reduce package registry storage Build packages Protected packages Tutorial: Automatically build and publish packages with CI/CD Container registry Authenticate Build and push images Dependency proxy for container images Reduce dependency proxy storage Delete images Protected container repositories Reduce container registry storage Reduce container registry data transfers Troubleshooting Tutorial: Annotate container images with build provenance data Harbor registry Terraform module registry Environments Protected environments Dashboard for Kubernetes Environments Dashboard Operations Dashboard Review apps Deployments Deployment approvals Deployment safety Deploy to AWS Deploy to Amazon ECS Deploy to Heroku External deployment tools Configure Kubernetes deployments (deprecated) Releases Release CI/CD examples Release CLI tool Release fields Release evidence Roll out an application incrementally Feature flags GitLab Pages Tutorial: Create website from scratch Tutorial: Build, test, and deploy your Hugo site Create website from CI/CD template Create website from forked sample project Create website from project template Create deployment for static site Public folder Default domain names and URLs Custom domains DNS records SSL/TLS certificates Let's Encrypt certificates Access control Redirects Settings Manage your infrastructure Getting started Infrastructure as Code OpenTofu state OpenTofu integration in merge requests GitLab Terraform helpers Terraform template recipes Troubleshooting Create Kubernetes clusters Amazon EKS Azure AKS Google GKE Civo Connect Kubernetes clusters Use GitOps Tutorial: Set up Flux for GitOps Tutorial: Deploy a Git repository using Flux Tutorial: Deploy an OCI artifact using Flux Migrate to Flux Use GitLab CI/CD Manage cluster applications Install cert-manager Install Ingress Install GitLab Runner Install Vault Install the agent for Kubernetes Manage the agent for Kubernetes instances Grant users Kubernetes access Operational container scanning Troubleshooting Migrate to the agent for Kubernetes Runbooks Monitor your application Getting started Error tracking Integrated error tracking Sentry error tracking Incident management Alerts Integrations Incidents Manage incidents Timeline events Linked resources Incident management for Slack On-call schedules Escalation policies Paging and notifications Status page Analyze GitLab usage Value streams dashboard Value stream analytics AI Impact analytics DevOps adoption by instance DevOps adoption by group Instance-level analytics Usage trends Insights Product analytics Instrumentation Browser SDK Analytics dashboards Issue analytics Merge request analytics Productivity analytics Code review analytics Contribution analytics Contributor analytics Repository analytics for projects Repository analytics for groups CI/CD analytics DORA metrics Tutorial: Set up an analytics-powered project Tutorial: Set up product analytics in a GitLab Pages website project Feature support Early Access Program Find your GitLab version GitLab Duo Getting started Control GitLab Duo availability GitLab Duo use cases GitLab Duo data usage GitLab Duo AI gateway Code Suggestions Set up Code Suggestions Supported extensions and languages Troubleshooting Repository X-Ray GitLab Duo Chat Ask Duo Chat Control Duo Chat availability Duo Chat best practices Duo Chat troubleshooting GitLab Duo with Amazon Q Set up (GDK only) GitLab Duo Workflow Extend Getting started Integrations Project integrations Akismet Apple App Store Connect Arkose Protect Asana Atlassian Bamboo AWS CodePipeline Beyond Identity Confluence Workspace Datadog Diagrams.net Diffblue Cover Discord Notifications Elasticsearch Troubleshooting Access Indexing Migrations Emails on push External issue trackers Bugzilla ClickUp Custom issue tracker Engineering Workflow Management (EWM) Phorge Redmine YouTrack GitGuardian GitHub GitLab for Slack app Troubleshooting Gitpod Gmail actions Google Chat Google Play Harbor irker (IRC gateway) Jenkins Jira Jira issue integration Jira issue management Tutorial: Create Jira credentials Troubleshooting Jira development panel GitLab for Jira Cloud app Jira DVCS connector Troubleshooting Kroki Mailgun Matrix notifications Mattermost notifications Mattermost slash commands Microsoft Teams notifications MLflow Mock CI Pipeline status emails Pivotal Tracker PlantUML Pumble reCAPTCHA Slack notifications (deprecated) Slack slash commands ChatOps Snowflake Sourcegraph Squash TM Telegram Trello Power-Ups Unify Circuit Webex Teams Zoekt Webhooks Events Rake tasks Troubleshooting REST API Resources .gitignore (templates) .gitlab-ci.yml (templates) Access requests Agent for Kubernetes Alert management Appearance (application) Applications Audit events Avatar Branches Broadcast messages Code Suggestions Commits Composer Conan Container registry Container repository protection rules Custom attributes Database migrations Debian Debian group distributions Debian project distributions Dependencies Dependency list export Dependency Proxy Deploy keys Deploy tokens Deployments Discussions Dockerfile (templates) DORA4 metrics Emoji reactions Environments Epics (deprecated) Error tracking Events Experiments External status checks Feature flags Feature flag user lists Freeze periods Geo nodes (deprecated) Geo sites GitLab Duo Chat completions GitLab Pages Go Proxy Google Cloud integration Groups Access tokens Activity analytics Badges CI/CD variables Enterprise users Epic boards Import and export Issue boards Iterations Labels LDAP group links Markdown uploads Migration by direct transfer Milestones Protected branches Protected environments Push rules Relations export Releases Repository storage moves SAML Security settings Service accounts SSH certificates Webhooks Wikis Helm Import Instance CI/CD variables Integrations Invitations Issues Issues (epic) Issues statistics Jobs Job artifacts Job token scopes Keys License Licenses (templates) Linked epics Links (issue) Links (epic) Lint .gitlab-ci.yml Markdown Marketplace Maven Member roles Members Merge request approvals Merge request approval settings Merge request context commits Merge requests Merge trains Metadata Model registry Namespaces Notes (comments) Draft notes Notification settings npm NuGet Organizations Packages Pages domains Personal access tokens Pipeline schedules Pipeline trigger tokens Pipelines Plan limits Product analytics Projects Access tokens Aliases Badges CI/CD variables Forks Import and export Issue boards Iterations Labels Markdown uploads Milestones Project starring Protected branches Protected environments Protected packages Protected tags Pull mirroring Push rules Relations export Releases Release links Remote mirrors Repository storage moves Snippets Statistics Templates Vulnerabilities Webhooks Wikis PyPI Repositories Repository files Repository submodules Resource group Resource iteration events Resource label events Resource milestone events Resource state events Resource weight events Ruby gems Runners SCIM Search Search migrations Secure files Service Ping Settings (application) Sidekiq metrics Sidekiq queues Snippet repository storage moves Snippets Statistics (application) Suggestions System hooks Tags Terraform registry To-Do List Token information Topics Users Follow and unfollow users Service account users SSH and GPG keys User email addresses User moderation User tokens Version Vulnerabilities Vulnerability export Vulnerability findings Web commits Authentication Third-party clients Deprecations and removals OpenAPI Automate storage management Troubleshooting GraphQL API Queries and mutations Resources Examples Assign GitLab Duo seats Audit event streaming for instances Audit event streaming for top-level groups Create audit report Identify issue boards List branch rules for project Query users Use custom emoji Migrate epic APIs to work items Removed items OAuth 2.0 identity provider API Editor and IDE extensions Visual Studio Code Install and set up CI/CD pipelines Custom queries GitLab remote URL format Settings and commands Troubleshooting Using with self-signed certificates JetBrains IDEs Install and set up Troubleshooting Visual Studio Install and set up Troubleshooting Neovim Install and set up Troubleshooting GitLab CLI (glab) Language Server Contribute Contribute to GitLab Tutorial: Make a GitLab contribution Contribute code with the Web IDE Configure the Gitpod development environment Contribute code with Gitpod Configure GDK-in-a-box Install the GDK development environment Contribute code with GDK Create a merge request Contribute to UX design Architecture Adding a new Service Component Scalability Development Rake tasks Mass insert Rails models Development processes Accessing session data AI features Custom models Duo Chat Duo Workflow Embeddings Development playbook Logged events Glossary Serving Models locally Avoiding required stops Backwards compatibility Changelog entries ChatOps on GitLab.com Cloud Connector Architecture Configuration Code review guidelines Danger bot Dependencies Deprecation guidelines EE features Emails Experiments Implementing experiments Testing experiments Experiment code reviews Experiment rollouts Feature categorization Features in .gitlab directory Feature flags for GitLab development Controlling feature flags Feature flags API FIPS compliance Framework - DeclarativePolicy GitLab Dedicated features Gotchas Image scaling Issues workflow Interacting components Labels Licensing Maintenance mode Merge request concepts Merge request diffs development guide Working with diffs Application and rate limit guidelines Frontend overview Mergeability framework Performance guidelines Merge request workflow Profiling Rails Endpoints Rails initializers Rails upgrade guidelines Reusing Abstractions Renaming features Repository mirroring Ruby upgrade guidelines Ruby 3 gotchas Secure partner onboarding process Shared files Storage Testing standards and styles Flaky tests Frontend testing standards and style guidelines Review apps Smoke tests Testing best practices Test results tracking Testing levels Testing Rails migrations Testing Rake tasks Unhealthy tests Vue 3 testing Testing (contract) Writing consumer tests Writing provider tests Testing (end to end) Beginner's guide to writing end-to-end tests Flows Page objects Resources Best practices when writing end-to-end tests Dynamic element validation Execution context selection Testing with feature flags RSpec metadata for end-to-end tests Test Users Waits Migrate Capybara to Chemlab End-to-end test pipelines Running tests Running tests that require special setup Style guide for writing end-to-end tests Test Infrastructure for Cloud Integrations Troubleshooting Translate GitLab Externalization Translation Proofreading Merging Development style guides Advanced search migration style guide API style guide Caching guidelines Frontend style guides Frontend Goals Gemfile guidelines Gems development guidelines Go standards and style guidelines Dependency management in Go Managing Go versions GraphQL API style guide Shell command guidelines HTML style guide JavaScript style guide Performance guidelines Python guidelines Refactoring guide RuboCop rule guidelines Ruby style guide SCSS style guide Secure coding guidelines Service measurement Software design guides State management Pinia Shell scripting standards and style guidelines TypeScript style guide Vue style guide Feature development ActivityPub ActivityPub actors Releases actor Advanced search AI Application limits Application secrets Application settings Cascading settings Application SLIs Rails Request SLIs Sidekiq Execution SLIs Approval rules Audit events Auto DevOps Backup and Restore Built-in project templates Cells Topology Service CI/CD Documenting keywords Contribute to the CI/CD configuration Contribute to the CI/CD schema CI/CD component development CI/CD template development Pipeline Wizard New partitioned CI/CD tables Code comments Code intelligence Code Owners Code Suggestions Source Code Management Gitaly touch points Push Rules development guidelines Data science Model registry Data Seeder Database Adding database indexes Database required stops Add a foreign key constraint to an existing column Avoiding downtime in migrations Batched background migrations Batching best practices Batch iteration in a tree hierarchy Cached queries guidelines Case study - filtering by label Case study - namespaces storage statistics CI mirrored tables ClickHouse ClickHouse within GitLab GitLab activity data in ClickHouse Merge request analytics with ClickHouse Optimizing query execution Tiered storages in ClickHouse Client-side connection pool Constraint naming convention Database Dictionary Database Lab and Postgres.ai Database load balancing Database migration pipeline Database review guidelines Database reviewer guidelines Database check-migrations job DB Migrate multi-version upgrade job DB dump Deduplicate database records Delete existing migrations Enums Foreign keys and associations Hash indexes Insert into tables in batches Introducing a new database migration version Iterating tables in batches JiHu merge requests Large tables limitations Layout and access patterns Maintenance operations Migration ordering Migrations style guide Multiple databases Loose Foreign Keys Migrations for multiple databases Namespaces Navigation sidebar NOT NULL constraints Offset pagination optimization Ordering table columns Pagination guidelines Pagination performance guidelines Keyset pagination Efficient IN operator queries Polymorphic associations Post-deployment migrations Query comments with Marginalia Query count limits Query performance guidelines Query Recorder Rename database tables Scalability patterns Read-mostly pattern Time decay pattern Serializing data Setting multiple values SHA1 as binary Single Table Inheritance Semantic Versioning of Database Records SQL guidelines Strings and the Text data type Swapping tables Table partitioning Date range Hash Int range List Transaction guidelines Troubleshooting and debugging Understanding EXPLAIN plans Verifying database capabilities Design and UI Development seed files Distributed tracing Development guidelines Event Store Export CSV Frontend development Accessibility Best practices Automated testing Architecture Content Editor Customizable dashboards Design tokens Diagrams.net Merge request widget extensions Registry architecture Source editor Storybook Widgets Cookies Dark mode Date and time Dependencies Design patterns Event tracking Emojis FAQ Guides Getting started Migrating from Vuex Onboarding course Lesson 1 Vue 3 migration Icons and SVG illustrations Keyboard shortcuts Logging Sentry Performance Security Tech Stack Axios GraphQL HAML ViewComponent Vue Vuex Tooling Troubleshooting Type hinting Geo Geo framework Geo proxying Geo API Git LFS Git object deduplication Gitaly GitLab Flavored Markdown (GLFM) Reference processing GitLab Shell Features GitLab-sshd Processes Gitpod internal configuration GraphQL GraphQL authorization GraphQL BatchLoader Reading GraphQL logs GraphQL pagination GraphQL Pro GraphQL API merge request checklist Generating chaos Group-level project templates Principles of Importer Design Import (Bitbucket Cloud) Import (Bitbucket Server) Import (GitHub) Import (Migration by direct transfer) Add relations to direct transfer importer Import (Migration by file export) Import (test project) Identity verification Integrations Internal analytics Internal event tracking Quick start guide Migrating to internal event tracking Event definition guide Metric definition guide Local setup and debugging Metrics Metrics dictionary guide Metrics instrumentation guide Metrics lifecycle Service Ping Troubleshooting Review guidelines Internal API Internal allowed API GitLab Subscriptions Internal users Issuable-like Rails models utilities Issue types Jenkins in local environments Jira development environment JSON guidelines Kubernetes integration Logging Observability Metrics Logs Tutorial: Use GitLab Observability with a Ruby on Rails application Tutorial: Use GitLab Observability with a NodeJS application Tutorial: Use GitLab Observability with a Django application Tutorial: Use GitLab Observability with a Java Spring application Tutorial: Use GitLab Observability with a .NET application Observability for stage groups Dashboards GitLab instrumentation for OpenTelemetry Stage group dashboard Error budget detail Package Package settings Package structure Support new formats Cleanup policies Debian repository Dependency proxy Harbor registry Permissions Predefined system of user roles Custom roles Permissions Conventions Authorization Product Qualified Lead (PQL) Pry debugging VS Code debugging Build and deploy real-time view components Redis Add a Redis instance Reactive caching Remote Development developer documentation Repository storage moves Routing Sec section Analyzer development guide CycloneDX property taxonomy Gemnasium analyzer data Security report ingestion Token Revocation API Generate test vulnerabilities Sidekiq Compatibility across updates Job idempotency and job deduplication Limited capacity worker Logging Worker attributes Solargraph Spam protection and CAPTCHA Model and services REST API spam protection GraphQL API spam protection Web UI spam protection Exploratory testing Uploads Adding new uploads Value Stream Analytics Aggregated Value Stream Analytics Verify stage Wikis Work items and work item types Work items widgets Workhorse Adding new features to Workhorse Configuration Features that rely on Workhorse Handlers Websocket channel support Prometheus metrics Organization Utilities GitLab Development Kit GitLab project pipelines CI configuration internals CI configuration performance Contribute to GitLab Runner Review GitLab Runner Add new Windows version support for Docker executor Contribute to GitLab Pages Using dnsmasq to dynamically handle GitLab Pages subdomains Contribute to GitLab Distribution Contribute to Omnibus GitLab Getting started Build locally Build Omnibus GitLab package Build all-in-one Docker image Information for GitLab team members Set up a development environment Developing for s390x architecture Test plans Upgrade Component test plan template Upgrade golang Upgrade exiftool Upgrade rubygems Upgrade Redis Upgrade gitlab-exporter Upgrade go-crond Upgrade Mattermost Generate test report Maintainership CI variables Change package behavior Change YAML config options Add deprecation messages Add new gitlab-ctl commands What happens with gitlab-ctl reconfigure Add new services Add new software definitions Database support Create patches Add or remove configuration options Manage PostgreSQL versions Omnibus mirror Version format for the packages and Docker images Pipelines Work with public_attributes.json Release to AWS Upgrade software components Upgrade Chef Handle vulnerabilities Handle broken master pipelines Deprecate and remove support for an OS Contribute to GitLab Helm charts Architecture of Cloud native GitLab Helm charts Backup and Restore Goals Architecture Design Decisions Decision Making Resource Usage Environment setup Developing for Kubernetes with KinD Developing for Kubernetes minikube Style guide Changelog entries Running GitLab QA Writing bats tests Writing RSpec tests Testing with ChaosKube Versioning and release Troubleshooting ClickHouse database checkConfig template Validation of values using JSON schema Deploy Development Branch Deprecations and removals Contribute to GitLab Operator CI/CD configuration Dependency on GitLab Charts Development installation OpenShift cluster setup Publish to OperatorHub Provision and deploy RedHat certification RedHat certification full Versioning and releases Test OLM Contribute to GitLab Design System Contribute to documentation Style guide Recommended word list Product availability details Feature flags Experiment and beta features Deprecations and removals Version-specific changes Metadata GraphQL REST API Topic types Concepts Tasks Reference Troubleshooting Top-level Getting started Tutorials Glossaries Workflow /help Drawer content Testing Links markdownlint Vale Site architecture Global navigation Folder structure Deployment process Documentation review apps Automation Backport documentation changes Redirects Solutions Cloud AWS Solutions GitLab partnership qualifications from AWS GitLab AWS integrations index GitLab Instances on AWS Provision GitLab on a single EC2 instance in AWS SRE considerations for Gitaly on AWS GitLab and AWS Integration Tutorials Tutorial: Configuring AWS ECR Pull Through Cache Rules Coding Languages and Frameworks Solutions Index for Rust Integrations ServiceNow About Use of generative AI Create a project access token Revoke a project access token Scopes for a project access token Restrict the creation of project access tokens Access token expiration Project access token expiry emails Bot users for projects Token availability

Project access tokens

Became available in trial subscriptions in GitLab 16.1. Default prefix added.

Project access tokens are similar to passwords, except you can limit access to resources , select a limited role, and provide an expiry date. Actual access to a project is controlled by a combination of roles and permissions , and the token scopes .

Use a project access token to authenticate: With the GitLab API . With Git, when using HTTP Basic Authentication, use: Any non-blank value as a username. The project access token as the password.

Project access tokens are similar to group access tokens and personal access tokens , but project access tokens are scoped to a project, so you cannot use them to access resources from other projects.

In self-managed instances, project access tokens are subject to the same maximum lifetime limits as personal access tokens if the limit is set.

You can use project access tokens: On GitLab SaaS: If you have the Premium or Ultimate license tier, only one project access token is available with a trial license . On self-managed instances of GitLab: With any license tier. If you have the Free tier, consider restricting the creation of project access tokens to lower potential abuse.

You cannot use project access tokens to create other group, project, or personal access tokens.

Project access tokens inherit the default prefix setting configured for personal access tokens.

Create a project access token

History Introduced in GitLab 15.1, Owners can select Owner role for project access tokens. Introduced in GitLab 15.3, default expiration of 30 days and default role of Guest is populated in the UI. Ability to create non-expiring project access tokens removed in GitLab 16.0. Maximum allowable lifetime limit extended to 400 days in GitLab 17.6 with a flag named buffered_token_expiration_limit . Disabled by default. Project access token description introduced in GitLab 17.7. The availability of the extended maximum allowable lifetime limit is controlled by a feature flag. For more information, see the history. The ability to create project access tokens without an expiry date was deprecated in GitLab 15.4 and removed in GitLab 16.0. For more information on expiry dates added to existing tokens, see the documentation on access token expiration .

To create a project access token: On the left sidebar, select Search or go to and find your project. Select Settings > Access tokens . Select Add new token . In Token name , enter a name. The token name is visible to any user with permissions to view the project. Optional. In Token description , enter a description for the token. In Expiration date , enter an expiry date for the token. The token expires on that date at midnight UTC. A token with the expiration date of 2024-01-01 expires at 00:00:00 UTC on 2024-01-01. If you do not enter an expiry date, the expiry date is automatically set to 30 days later than the current date. By default, this date can be a maximum of 365 days later than the current date. In GitLab 17.6 or later, you can extend this limit to 400 days . An instance-wide maximum lifetime setting can limit the maximum allowable lifetime in self-managed instances. Select a role for the token. Select the desired scopes . Select Create project access token .

A project access token is displayed. Save the project access token somewhere safe. After you leave or refresh the page, you can’t view it again. Project access tokens are treated as internal users . If an internal user creates a project access token, that token is able to access all projects that have visibility level set to Internal .

Revoke a project access token

History Ability to view revoked tokens introduced in GitLab 17.3 with a flag named retain_resource_access_token_user_after_revoke . Disabled by default. The availability of being able to view revoked tokens is controlled by a feature flag. For more information, see the history.

To revoke a project access token: On the left sidebar, select Search or go to and find your project. Select Settings > Access tokens . Next to the project access token to revoke, select Revoke ( ).

In GitLab 17.3 and later, if you enable the retain_resource_access_token_user_after_revoke feature flag, you can view both active and inactive revoked project access tokens on the access tokens page. If you do not enable the feature flag, you can only view the active tokens. The inactive project access tokens table: Contains: Existing tokens that have been revoked but have not yet expired. After these tokens expire, they are no longer in the table. Tokens created after the feature flag was enabled that have been revoked. These tokens remain in the table even after they have expired. Does not contain: Tokens that have already expired or been revoked. Existing tokens that expire in the future or have not been revoked.

Scopes for a project access token

History k8s_proxy introduced in GitLab 16.4 with a flag named k8s_proxy_pat . Enabled by default. Feature flag k8s_proxy_pat removed in GitLab 16.5.

The scope determines the actions you can perform when you authenticate with a project access token. See the warning in create a project access token regarding internal projects. Scope Description api Grants complete read and write access to the scoped project API, including the container registry , the dependency proxy , and the package registry . read_api Grants read access to the scoped project API, including the package registry . read_registry Grants read access (pull) to the container registry images if a project is private and authorization is required. write_registry Grants write access (push) to the container registry . You need both read and write access to push images. read_repository Grants read access (pull) to the repository. write_repository Grants read and write access (pull and push) to the repository. create_runner Grants permission to create runners in the project. manage_runner Grants permission to manage runners in the project. ai_features Grants permission to perform API actions for GitLab Duo. This scope is designed to work with the GitLab Duo Plugin for JetBrains. For all other extensions, see scope requirements. k8s_proxy Grants permission to perform Kubernetes API calls using the agent for Kubernetes in the project.

Restrict the creation of project access tokens

To limit potential abuse, you can restrict users from creating tokens for a group hierarchy. This setting is only configurable for a top-level group and applies to every downstream project and subgroup. Any existing project access tokens remain valid until their expiration date or until manually revoked. On the left sidebar, select Search or go to and find your group. This group must be at the top level. Select Settings > General . Expand Permissions and group features . In Permissions , clear the Users can create project access tokens and group access tokens in this group checkbox.

Access token expiration

Whether your existing project access tokens have expiry dates automatically applied depends on what GitLab offering you have, and when you upgraded to GitLab 16.0 or later: On GitLab.com, during the 16.0 milestone, existing project access tokens without an expiry date were automatically given an expiry date of 365 days later than the current date. On GitLab self-managed, if you upgraded from GitLab 15.11 or earlier to GitLab 16.0 or later: On or before July 23, 2024, existing project access tokens without an expiry date were automatically given an expiry date of 365 days later than the current date. This change is a breaking change. On or after July 24, 2024, existing project access tokens without an expiry date did not have an expiry date set.

On GitLab self-managed, if you do a new install of one of the following GitLab versions, your existing project access tokens do not have expiry dates automatically applied: 16.0.9 16.1.7 16.2.10 16.3.8 16.4.6 16.5.9 16.6.9 16.7.9 16.8.9 16.9.10 16.10.9 16.11.7 17.0.5 17.1.3 17.2.1

Project access token expiry emails

History Sixty and thirty day expiry notification emails introduced in GitLab 17.6 with a flag named expiring_pats_30d_60d_notifications . Disabled by default. Sixty and thirty day notification emails generally available in GitLab 17.7. Feature flag expiring_pats_30d_60d_notifications removed. Notifications to inherited group members introduced in GitLab 17.7 with a flag named pat_expiry_inherited_members_notification . Disabled by default. The availability of the sixty and thirty day expiry notification emails is controlled by a feature flag. For more information, see the history.

GitLab runs a check every day at 1:00 AM UTC to identify project access tokens that are expiring in the near future. Members of the project with at least the Maintainer role are notified by email when these tokens expire in a certain number of days. The number of days differs depending on the version of GitLab: In GitLab 17.6 and later, project maintainers and owners are notified by email when the check identifies their project access tokens as expiring in the next sixty days. An additional email is sent when the check identifies their project access tokens as expiring in the next thirty days. Project maintainers and owners are notified by email when the check identifies their project access tokens as expiring in the next seven days. In GitLab 17.7 and later, project members who have inherited the Owner or Maintainer role due to the project belonging to a group can also receive notification emails. You can enable this by changing: The group setting in any of the parent groups of the project. On GitLab self-managed, the instance setting .

Bot users for projects

History Changed in GitLab 17.2 with a flag named retain_resource_access_token_user_after_revoke . Disabled by default. When enabled new bot users are made members with no expiry date and, when the token is later revoked or expires, the bot user is retained. It is not deleted and its records are not moved to the Ghost User. The behavior of the bot user after the project access token is revoked is controlled by a feature flag. For more information, see the history.

Bot users for projects are GitLab-created non-billable users . Each time you create a project access token, a bot user is created and added to the project. This user is not a billable user, so it does not count toward the license limit.

The bot users for projects have permissions that correspond with the selected role and scope of the project access token. The name is set to the name of the token. The username is set to project_{project_id}_bot_{random_string} . For example, project_123_bot_4ffca233d8298ea1 . The email is set to project_{project_id}_bot_{random_string}@noreply.{Gitlab.config.gitlab.host} . For example, [email protected] .

API calls made with a project access token are associated with the corresponding bot user.

Bot users for projects: Are included in a project’s member list but cannot be modified. The membership expires when the token expires. Cannot be added to any other project. Can have a maximum role of Owner for a project. For more information, see Create a project access token .

When the project access token is revoked : The bot user is deleted. All records are moved to a system-wide user with the username Ghost User .

See also Bot users for groups .

Token availability

More than one project access token is only available in paid subscriptions. In Premium and Ultimate trial subscriptions, only one project access token is included. For more information, see the “What is included” section of the GitLab Trial FAQ .

Help & feedback

Docs

Edit this page to fix an error or add an improvement in a merge request.
Create an issue to suggest an improvement to this page.

Product

Create an issue if there's something you don't like about this feature.
Propose functionality by submitting a feature request.
Join First Look to help shape new features.

Feature availability and product trials

View pricing to see all GitLab tiers and features, or to upgrade.
Try GitLab for free with access to all features for 30 days.

Get Help

If you didn't find what you were looking for, search the docs .

If you want help with something specific and could use community support, post on the GitLab forum .

For problems setting up or using this feature (depending on your GitLab subscription).

Request support Sign in to GitLab.com Twitter Facebook YouTube LinkedIn Docs Repo About GitLab Terms Privacy Statement Cookie Settings Contact

View page source - Edit in Web IDE Twitter Facebook YouTube LinkedIn