
GitLab Token

Description

General

  • Documentation: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html
  • Summary: GitLab is an open-source code hosting platform that provides issue tracking and continuous integration and deployment pipelines. This detector aims at detecting tokens used to act programmatically on behalf of a user.
  • IPs allowlist: IP allowlists are supported on self-managed installs.
  • Scopes: A range of scopes can be set when creating an access token; see the scopes documentation for details.

Revoke the secret

Tokens can be revoked from the user's dashboard or programmatically.

Check for suspicious activity

For each personal access token, GitLab displays the date it was last used, under Settings, Access Tokens.

Details for Gitlab token

  • Family: Api
  • Category: Version control platform
  • Company: GitLab
  • High recall: False
  • Validity check available: False
  • Minimum number of matches: 1
  • Occurrences found for one million commits: 11.95
  • Prefixed: False
  • PreValidators:

```yaml
- type: FilenameBanlistPreValidator
  banlist_extensions:
    - ^(cs|x|p|s|r|m)?html5?~?$
    - ^[aps]?cssc?~?$
    - ^lock$
    - ^mdx?~?$
    - ^storyboard(c|er)?~?$
    - ^xib$
  banlist_filenames: []
  check_binaries: false
- type: ContentWhitelistPreValidator
  patterns:
    - gitlab
```

Examples

```yaml
- text: >
    git+https://gitlab+deploy-token-4:taivmyYoedWX8uwxvrR-@git.icare.univ-luzy1.fr/aero/eurochamp-componen
  apikey: taivmyYoedWX8uwxvrR-
- text: |
    +gitlab_config
    +set _SCRIPTDIR=%CD%
    +popd
    +
    +set _TOKEN=u_zz1rnzC26JFwjAzAPu
  apikey: u_zz1rnzC26JFwjAzAPu
- text: |
    GitLab Runner
    +  runnerRegistrationToken: "tQtCbx5UZy_ByS7FyzhU"
    +  # resources:
    +  #   limits:
    +  #     memory:
  apikey: tQtCbx5UZy_ByS7FyzhU
```

Details for Gitlab personal token

  • Family: Api
  • Category: Version control platform
  • Company: GitLab
  • High recall: False
  • Validity check available: True
  • On-premise instances exist: True
  • Only valid secrets raise an alert: True
  • Minimum number of matches: 1
  • Occurrences found for one million commits: 0.51
  • Prefixed: False
  • PreValidators:

```yaml
- type: FilenameBanlistPreValidator
  banlist_extensions:
    - ^(cs|x|p|s|r|m)?html5?~?$
    - ^[aps]?cssc?~?$
    - ^lock$
    - ^mdx?~?$
    - ^storyboard(c|er)?~?$
    - ^xib$
  banlist_filenames: []
  check_binaries: false
- type: ContentWhitelistPreValidator
  patterns:
    - gitlab
```

Examples

```yaml
- text: |
    'my gitlab token is set below.
    I want something that is not handled by the AssignmentRegexMatcher not to interfer
    with the gitlab_token detector
    "qZ3do4vK3MiSHbE29vAQ"'
  apikey: qZ3do4vK3MiSHbE29vAQ
```

Details for Gitlab personal token v2

  • Family: Api
  • Category: Version control platform
  • Company: GitLab
  • High recall: True
  • Validity check available: True
  • On-premise instances exist: True
  • Only valid secrets raise an alert: False
  • Minimum number of matches: 1
  • Occurrences found for one million commits: very rare
  • Prefixed: True
  • PreValidators:

```yaml
- type: ContentWhitelistPreValidator
  patterns:
    - glpat-
```

Examples

```yaml
- text: |
    The prefixed gitlab personal token
    glpat-SNixgZ5e6NWeo1Wwga11
  apikey: glpat-SNixgZ5e6NWeo1Wwga11
```
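To show how the pre-validator chains listed above gate a scan, here is an added Python example (not the detection engine's own code) that implements the FilenameBanlistPreValidator and ContentWhitelistPreValidator settings from this page and runs them over inputs built from the page's examples. The `glpat-` candidate regex is an assumption based on the one example token, not the real detector pattern.

```python
import re

# Pre-validator settings as listed on this page for the unprefixed detectors.
BANLIST_EXTENSIONS = [
    r"^(cs|x|p|s|r|m)?html5?~?$", r"^[aps]?cssc?~?$", r"^lock$",
    r"^mdx?~?$", r"^storyboard(c|er)?~?$", r"^xib$",
]
# Assumed candidate pattern for the prefixed v2 token: "glpat-" plus the
# 20-character body seen in the page's example. Not the real detector regex.
GLPAT_RE = re.compile(r"glpat-[A-Za-z0-9_-]{20}")


def filename_banlist_prevalidator(filename, banlist=BANLIST_EXTENSIONS):
    """True when the file should be scanned, i.e. its extension is not banned."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return not any(re.match(pat, ext) for pat in banlist)


def content_whitelist_prevalidator(content, patterns):
    """True when the content contains at least one keyword (case-insensitive)."""
    lowered = content.lower()
    return any(pat.lower() in lowered for pat in patterns)


def prevalidate_unprefixed(filename, content):
    """Chain of the unprefixed 'Gitlab token' detectors: banlist, then keyword."""
    return (filename_banlist_prevalidator(filename)
            and content_whitelist_prevalidator(content, ["gitlab"]))


def find_prefixed_tokens(content):
    """Chain of the v2 detector (keyword only), then candidate extraction."""
    if not content_whitelist_prevalidator(content, ["glpat-"]):
        return []
    return GLPAT_RE.findall(content)


# Constructed inputs derived from the page's own examples.
DEPLOY_URL = "git+https://gitlab+deploy-token-4:taivmyYoedWX8uwxvrR-@git.example.invalid/aero/x"
V2_SNIPPET = "The prefixed gitlab personal token glpat-SNixgZ5e6NWeo1Wwga11"

if __name__ == "__main__":
    print(prevalidate_unprefixed("deploy.sh", DEPLOY_URL))     # True
    print(prevalidate_unprefixed("Gemfile.lock", DEPLOY_URL))  # False: .lock is banned
    print(find_prefixed_tokens(V2_SNIPPET))                     # ['glpat-SNixgZ5e6NWeo1Wwga11']
```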