Commit 63b1749b authored by Kenneth Chu's avatar Kenneth Chu Committed by Suzanne Selhorn

Add steps to reset the runner authentication token

parent 1e69c2d9
...@@ -107,10 +107,10 @@ We're always looking for contributions that can mitigate these ...@@ -107,10 +107,10 @@ We're always looking for contributions that can mitigate these
### Reset the runner registration token for a project ### Reset the runner registration token for a project
If you think that a registration token for a project was revealed, you should If you think that a registration token for a project was revealed, you should
reset it. A token can be used to register another runner for the project. That new runner reset it. A registration token can be used to register another runner for the project.
may then be used to obtain the values of secret variables or to clone project code. That new runner may then be used to obtain the values of secret variables or to clone project code.
To reset the token: To reset the registration token:
1. Go to the project's **Settings > CI/CD**. 1. Go to the project's **Settings > CI/CD**.
1. Expand the **General pipelines settings** section. 1. Expand the **General pipelines settings** section.
...@@ -124,6 +124,16 @@ any new runners to the project. If you are using any tools to provision and ...@@ -124,6 +124,16 @@ any new runners to the project. If you are using any tools to provision and
register new runners, the tokens used in those tools should be updated to reflect the register new runners, the tokens used in those tools should be updated to reflect the
value of the new token. value of the new token.
### Reset the runner authentication token
If you think that an authentication token for a runner was revealed, you should
reset it. An attacker could use the token to [clone a runner](https://docs.gitlab.com/runner/security/#cloning-a-runner).
To reset the authentication token, [unregister the runner](https://docs.gitlab.com/runner/commands/#gitlab-runner-unregister)
and then [register](https://docs.gitlab.com/runner/commands/#gitlab-runner-register) it again.
To verify that the previous authentication token is no longer valid, use the [Runners API](../../api/runners.md#verify-authentication-for-a-registered-runner).
## Determine the IP address of a runner ## Determine the IP address of a runner
> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/17286) in GitLab 10.6. > [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/17286) in GitLab 10.6.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment