Project access tokens (Alpha)

Warning: This is an Alpha feature, and it is subject to change at any time without prior notice.

GitLab 13.0から導入されました。
フィーチャーフラグで有効・無効を切り替えることができ、デフォルトでは無効になっています。
It’s disabled on GitLab.com.
To use it in GitLab self-managed instances, ask a GitLab administrator to enable it.

Project access tokens are scoped to a project and can be used to authenticate with the GitLab API.

You can also use project access tokens with Git to authenticate over HTTP or SSH.

Project access tokens expire on the date you define, at midnight UTC.

For examples of how you can use a project access token to authenticate with the API, see the following section from our API Docs.

Creating a project access token

Log in to GitLab.
Navigate to the project you would like to create an access token for.
In the Settings menu choose Access Tokens.
Choose a name and optional expiry date for the token.
Choose the desired scopes.
Click the Create project access token button.
Save the project access token somewhere safe. Once you leave or refresh the page, you won’t be able to access it again.

Project bot users

For each project access token created, a bot user will also be created and added to the project with “Maintainer” level permissions. API calls made with a project access token will be associated to the corresponding bot user.

These users will appear in Members but can not be modified. Furthermore, the bot user can not be added to any other project.

When the project access token is revoked the bot user will be deleted and all records will be moved to a system-wide user with the username “Ghost User”. For more information, see Associated Records.

Revoking a project access token

At any time, you can revoke any project access token by clicking the respective Revoke button in Settings > Access Tokens.

Limiting scopes of a project access token

Project access tokens can be created with one or more scopes that allow various actions that a given token can perform. The available scopes are depicted in the following table.

Scope	説明
`api`	Grants complete read/write access to the scoped project API.
`read_api`	Grants read access to the scoped project API.
`read_registry`	Allows read-access (pull) to container registry images if a project is private and authorization is required.
`write_registry`	Allows write-access (push) to container registry.
`read_repository`	Allows read-only access (pull) to the repository.
`write_repository`	Allows read-write access (pull, push) to the repository.

Enable or disable project access tokens

Project access tokens is an Alpha feature and is not recommended for production use. It is deployed behind a feature flag that is disabled by default. GitLab administrators with access to the GitLab Rails console can enable it for your instance.

有効にするには:

Feature.enable(:resource_access_token)

無効化するには:

Feature.disable(:resource_access_token)

クリエーションラインについて

私たちクリエーションラインは、日本で最も古く2017年にGitLabサービスの提供を開始し、2022年には「Asia-Pacific Partner of the Year」も獲得。GitLabのサブスクリプション販売やテクニカルサポートだけでなく、GitLab Enterpriseの導入支援やGitLabトレーニングなど多様なサービスを提供し、エンタープライズを中心に豊富な実績を誇ります。GitLabに関するお悩みがありましたら、ぜひお気軽にお問い合わせください。日本で唯一、3度にわたるMVPを獲得したGitLabエバンジェリストをはじめとしたエキスパートチームが、あなたの課題解決をご支援します。