Skip to main content

GitLab Enterprise Token

Description

General

  • Documentation: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html
  • Summary: GitLab is an open-source code hosting website that provides issue tracking, continuous integration and deployment pipeline. This detector aims at detecting tokens used to programmatically act on behalf of a user. In particular, this detector matches token/host couples that are used for on-premise GitLab installations.
  • IPs allowlist: Allowlists are supported for self-managed installs.
  • Scopes: Scopes can be set when creating an access token, more information in the scopes documentation.

Revoke the secret

Tokens can be revoked from the user's dashboard or programmatically.

Check for suspicious activity

For each personal token, GitLab displays the last used date, under Settings and Access Tokens.

Details for Gitlab enterprise personal token

  • Family: Api

  • Category: Version control platform

  • Company: GitLab

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 4.89

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: true
ban_markup: true
- type: ContentWhitelistPreValidator
patterns:
- gitlab\.

Examples

- text: |
git+https://developer:C4FSHpor42bkSumYEZuD@gitlab.secrets.tech/modules/squalize-auto.git

apikey: C4FSHpor42bkSumYEZuD
host: gitlab.secrets.tech

- text: |
pat: C4FSHpor42bkSu_YEZu-
branch_id: 1548452
server_url: gitlab.guardian.com

apikey: C4FSHpor42bkSu_YEZu-
host: gitlab.guardian.com

How can I help you ?