GitLab Token
Bridgecrew Policy ID: BC_GIT_44
Chekov Check ID: CKV_SECRET_44
Severity: LOW
GitLab Token
Description
Personal access tokens can be an alternative to OAuth2 and used to:
- Authenticate with the GitLab API.
- Authenticate with Git using HTTP Basic Authentication.
In both cases, you authenticate with a personal access token in place of your password.
Personal access tokens are:
- Required when two-factor authentication (2FA) is enabled.
- Used with a GitLab username to authenticate with GitLab features that require usernames. For example, GitLab-managed Terraform state backend and Docker container registry,
- Similar to project access tokens and group access tokens, but are attached to a user rather than a project or group.
Fix - Buildtime
GitLab
- In the top-right corner, select your avatar.
- Select Edit profile.
- On the left sidebar, select Access Tokens.
- In the Active personal access tokens area, next to the key, select Revoke.
Updated 4 months ago