Skip to main content

GitLab Enterprise Token



  • Documentation:
  • Summary: GitLab is an open-source code hosting website that provides issue tracking, continuous integration and deployment pipeline. This detector aims at detecting tokens used to programmatically act on behalf of a user. In particular, this detector matches token/host couples that are used for on-premise GitLab installations.
  • IPs allowlist: Allowlists are supported for self-managed installs.
  • Scopes: Scopes can be set when creating an access token, more information in the scopes documentation.

Revoke the secret#

Tokens can be revoked from the user's dashboard or programmatically.

Check for suspicious activity#

For each personal token, GitLab displays the last used date, under Settings and Access Tokens.

Details for Gitlab enterprise personal token#

  • Family: Api

  • Category: Version control platform

  • Company: GitLab

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 4.89

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions: []  banlist_filenames: []  check_binaries: false  include_default_banlist_extensions: true  ban_markup: true- type: ContentWhitelistPreValidator  patterns:  - gitlab\.


- text: |    git+
  apikey: C4FSHpor42bkSumYEZuD  host:
- text: |    pat: C4FSHpor42bkSu_YEZu-    branch_id: 1548452    server_url:
  apikey: C4FSHpor42bkSu_YEZu-  host: