Commit 2675f3e0 authored by Suzanne Selhorn's avatar Suzanne Selhorn

Merge branch 'patch-155' into 'master'

Clarify deploy token details

See merge request gitlab-org/gitlab!34556
parents c646c1c4 909c4509
...@@ -11,7 +11,7 @@ type: howto ...@@ -11,7 +11,7 @@ type: howto
> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/199370) from **Settings > Repository** in GitLab 12.9. > - [Moved](https://gitlab.com/gitlab-org/gitlab/-/issues/199370) from **Settings > Repository** in GitLab 12.9.
> - [Added `write_registry` scope](https://gitlab.com/gitlab-org/gitlab/-/issues/22743) in GitLab 12.10. > - [Added `write_registry` scope](https://gitlab.com/gitlab-org/gitlab/-/issues/22743) in GitLab 12.10.
> - [Moved](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/29280) from **Settings > CI / CD** in GitLab 12.10.1. > - [Moved](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/29280) from **Settings > CI / CD** in GitLab 12.10.1.
> - [Added package registry scopes](https://gitlab.com/gitlab-org/gitlab/-/issues/213566) from **Settings > CI / CD** in GitLab 13.0. > - [Added package registry scopes](https://gitlab.com/gitlab-org/gitlab/-/issues/213566) in GitLab 13.0.
Deploy tokens allow you to download (`git clone`) or push and pull packages and container registry images of a project without having a user and a password. Deploy tokens allow you to download (`git clone`) or push and pull packages and container registry images of a project without having a user and a password.
...@@ -46,15 +46,17 @@ respective **Revoke** button under the 'Active deploy tokens' area. ...@@ -46,15 +46,17 @@ respective **Revoke** button under the 'Active deploy tokens' area.
## Limiting scopes of a deploy token ## Limiting scopes of a deploy token
Deploy tokens can be created with two different scopes that allow various Deploy tokens can be created with different scopes that allow various
actions that a given token can perform. The available scopes are depicted in actions that a given token can perform. The available scopes are depicted in
the following table. the following table along with GitLab version it was introduced in.
| Scope | Description | | Scope | Description | Introduced in GitLab Version |
| ----- | ----------- | | ----- | ----------- | ------ |
| `read_repository` | Allows read-access to the repository through `git clone` | | `read_repository` | Allows read-access to the repository through `git clone` | 10.7 |
| `read_registry` | Allows read-access to [container registry](../../packages/container_registry/index.md) images if a project is private and authorization is required. | | `read_registry` | Allows read-access to [container registry](../../packages/container_registry/index.md) images if a project is private and authorization is required. | 10.7 |
| `write_registry` | Allows write-access (push) to [container registry](../../packages/container_registry/index.md). | | `write_registry` | Allows write-access (push) to [container registry](../../packages/container_registry/index.md). | 12.10 |
| `read_package_registry` | Allows read access to the package registry. | 13.0 |
| `write_package_registry` | Allows write access to the package registry. | 13.0 |
## Deploy token custom username ## Deploy token custom username
...@@ -96,6 +98,8 @@ pull images from your Container Registry. ...@@ -96,6 +98,8 @@ pull images from your Container Registry.
### Push Container Registry images ### Push Container Registry images
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/22743) in GitLab 12.10.
To push the container registry images, you'll need to: To push the container registry images, you'll need to:
1. Create a Deploy Token with `write_registry` as a scope. 1. Create a Deploy Token with `write_registry` as a scope.
...@@ -111,6 +115,8 @@ push images to your Container Registry. ...@@ -111,6 +115,8 @@ push images to your Container Registry.
### Read or pull packages ### Read or pull packages
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/213566) in GitLab 13.0.
To pull packages in the GitLab package registry, you'll need to: To pull packages in the GitLab package registry, you'll need to:
1. Create a Deploy Token with `read_package_registry` as a scope. 1. Create a Deploy Token with `read_package_registry` as a scope.
...@@ -119,6 +125,8 @@ To pull packages in the GitLab package registry, you'll need to: ...@@ -119,6 +125,8 @@ To pull packages in the GitLab package registry, you'll need to:
### Push or upload packages ### Push or upload packages
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/213566) in GitLab 13.0.
To upload packages in the GitLab package registry, you'll need to: To upload packages in the GitLab package registry, you'll need to:
1. Create a Deploy Token with `write_package_registry` as a scope. 1. Create a Deploy Token with `write_package_registry` as a scope.
...@@ -151,8 +159,7 @@ apply consistently when cloning the repository of related projects. ...@@ -151,8 +159,7 @@ apply consistently when cloning the repository of related projects.
There's a special case when it comes to Deploy Tokens. If a user creates one There's a special case when it comes to Deploy Tokens. If a user creates one
named `gitlab-deploy-token`, the username and token of the Deploy Token will be named `gitlab-deploy-token`, the username and token of the Deploy Token will be
automatically exposed to the CI/CD jobs as environment variables: `CI_DEPLOY_USER` and automatically exposed to the CI/CD jobs as environment variables: `CI_DEPLOY_USER` and
`CI_DEPLOY_PASSWORD`, respectively. With the GitLab Deploy Token, the `CI_DEPLOY_PASSWORD`, respectively.
`read_registry` and `write_registry` scopes are implied.
After you create the token, you can login to the Container Registry using After you create the token, you can login to the Container Registry using
those variables: those variables:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment