Gitlab Feature Flags Client token with project id
Description
General
- Documentation: https://docs.gitlab.com/operations/feature_flags/#get-access-credentials
- Summary: GitLab feature flags can be accessed by applications using a dedicated type of token, compatible with Unleash SDKs. This detector matches both the token and the project ID, because both are needed to check the token.
Revoke the secret
A token can be revoked by generating a new one from the GitLab web interface.
Check for suspicious activity
Details for Gitlab feature flags client token with project id
- Family: token
- Category: version_control_platform
- Company: GitLab
- High recall: False
- Validity check available: True
- Analyzer available: False
- On-premise instances exist: True
- Only valid secrets raise an alert: False
- Minimum number of matches: 2
- Occurrences found for one million commits: 0.012
- Prefixed: False
- PreValidators:
  - type: ContentWhitelistPreValidator
    patterns:
      - glffct-
Examples
# Examples from https://docs.gitlab.com/operations/feature_flags/#feature-flags-api-information
- text: |
    unleash.Initialize(
        unleash.WithUrl("https://gitlab.com/api/v4/feature_flags/unleash/64889000"),
        unleash.WithInstanceId("glffct-L9k7kxw4HhgZrKntJvpa"),
        unleash.WithAppName("production"),
        unleash.WithListener(&metricsInterface{}),
    )
  project_id: '64889000'
  apikey: 'glffct-L9k7kxw4HhgZrKntJvpa'
- text: |
    unleash = Unleash::Client.new({
      url: 'http://gitlab.com/api/v4/feature_flags/unleash/64889000',
      app_name: 'production',
      instance_id: 'glffct-29QmjsW6KngPR5JNPMWx'
    })
  project_id: '64889000'
  apikey: 'glffct-29QmjsW6KngPR5JNPMWx'
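
The following is an added example, not the detector's actual implementation: a minimal Python scanner that mirrors the behaviour described above (a `glffct-` content pre-validator, then two required matches, token and project ID). The regular expressions, the 20-character token length (inferred from the samples above), the function names and the sample input are all assumptions made for illustration.

```python
import re

PREFIX = "glffct-"
# Assumption: prefix followed by 20 URL-safe characters, as in the samples above.
TOKEN_RE = re.compile(r"(?<![A-Za-z0-9_-])glffct-[A-Za-z0-9_-]{20}(?![A-Za-z0-9_-])")
# Any host is accepted because on-premise GitLab instances exist.
URL_RE = re.compile(r"(https?://[^\s\"']+?)/api/v4/feature_flags/unleash/(\d+)")


def find_credentials(text):
    """Return (base_url, project_id, token) triples; [] if either half is missing."""
    if PREFIX not in text:  # pre-validator: skip content without the prefix
        return []
    tokens = [(m.start(), m.group()) for m in TOKEN_RE.finditer(text)]
    urls = [(m.start(), m.group(1), m.group(2)) for m in URL_RE.finditer(text)]
    if not tokens or not urls:  # minimum number of matches: 2
        return []
    findings = []
    for pos, token in tokens:
        # Pair each token with the closest Unleash URL in the same document.
        _, base, project_id = min(urls, key=lambda u: abs(u[0] - pos))
        findings.append((base, project_id, token))
    return findings


def redact(token):
    """Keep the prefix and four characters so reports never carry the full secret."""
    keep = len(PREFIX) + 4
    return token[:keep] + "*" * (len(token) - keep)


# Constructed sample input (host, project ID and token are made up).
SAMPLE = '''
unleash.Initialize(
    unleash.WithUrl("https://gitlab.example.com/api/v4/feature_flags/unleash/12345"),
    unleash.WithInstanceId("glffct-EXAMPLEexample000000"),
)
'''

if __name__ == "__main__":
    for base, project_id, token in find_credentials(SAMPLE):
        print(f"{base} project={project_id} token={redact(token)}")
```

A token without a nearby Unleash URL (or the reverse) yields no finding, which matches the "Minimum number of matches: 2" setting.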