Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
a536dd27
Commit
a536dd27
authored
Nov 09, 2021
by
Nick Malcolm
Committed by
Evan Read
Nov 09, 2021
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Add & update security considerations for PATs
parent
1c1a006d
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
9 additions
and
0 deletions
+9
-0
doc/security/token_overview.md
doc/security/token_overview.md
+5
-0
doc/user/profile/personal_access_tokens.md
doc/user/profile/personal_access_tokens.md
+4
-0
No files found.
doc/security/token_overview.md
View file @
a536dd27
...
@@ -117,4 +117,9 @@ Instead, API calls can be passed an access token using headers, like [the `Priva
...
@@ -117,4 +117,9 @@ Instead, API calls can be passed an access token using headers, like [the `Priva
Tokens can also be stored using a
[
Git credential storage
](
https://git-scm.com/book/en/v2/Git-Tools-Credential-Storage
)
.
Tokens can also be stored using a
[
Git credential storage
](
https://git-scm.com/book/en/v2/Git-Tools-Credential-Storage
)
.
Tokens should not be committed to your source code. Instead, consider an approach such as
[
using external secrets in CI
](
../ci/secrets/index.md
)
.
When creating a scoped token, consider using the most limited scope possible to reduce the impact of accidentally leaking the token.
When creating a scoped token, consider using the most limited scope possible to reduce the impact of accidentally leaking the token.
When creating a token, consider setting a token that expires when your task is complete. For example, if performing a one-off import, set the
token to expire after a few hours or a day. This reduces the impact of a token that is accidentally leaked because it is useless when it expires.
doc/user/profile/personal_access_tokens.md
View file @
a536dd27
...
@@ -62,6 +62,10 @@ to the URL. For example:
...
@@ -62,6 +62,10 @@ to the URL. For example:
https://gitlab.example.com/-/profile/personal_access_tokens?name=Example+Access+token&scopes=api,read_user,read_registry
https://gitlab.example.com/-/profile/personal_access_tokens?name=Example+Access+token&scopes=api,read_user,read_registry
```
```
WARNING:
Personal access tokens must be treated carefully. Read our
[
token security considerations
](
../../security/token_overview.md#security-considerations
)
for guidance on managing personal access tokens (for example, setting a short expiry and using minimal scopes).
## Revoke a personal access token
## Revoke a personal access token
At any time, you can revoke a personal access token.
At any time, you can revoke a personal access token.
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment