diff options
Diffstat (limited to 'doc/user/project/settings/project_access_tokens.md')
-rw-r--r-- | doc/user/project/settings/project_access_tokens.md | 60 |
1 files changed, 43 insertions, 17 deletions
diff --git a/doc/user/project/settings/project_access_tokens.md b/doc/user/project/settings/project_access_tokens.md index 42ba2654b42..cbc4895f014 100644 --- a/doc/user/project/settings/project_access_tokens.md +++ b/doc/user/project/settings/project_access_tokens.md @@ -1,17 +1,24 @@ -# Project access tokens (Alpha) **(CORE ONLY)** +--- +stage: Create +group: Source Code +info: "To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers" +type: reference, howto +--- -CAUTION: **Warning:** -This is an [Alpha](https://about.gitlab.com/handbook/product/#alpha) feature, and it is subject to change at any time without -prior notice. +# Project access tokens **(CORE ONLY)** > - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/2587) in GitLab 13.0. -> - It's deployed behind a feature flag, disabled by default. +> - It was [deployed](https://gitlab.com/groups/gitlab-org/-/epics/2587) behind a feature flag, disabled by default. +> - [Became enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/218722) in GitLab 13.3. > - It's disabled on GitLab.com. -> - To use it in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-project-access-tokens). +> - It can be enabled or disabled by project. +> - It's recommended for production use. +> - For GitLab self-managed instances, GitLab administrators can [disable it](#enable-or-disable-project-access-tokens). Project access tokens are scoped to a project and can be used to authenticate with the [GitLab API](../../../api/README.md#personalproject-access-tokens). -You can also use project access tokens with Git to authenticate over HTTP or SSH. +<!-- Commented out until https://gitlab.com/gitlab-org/gitlab/-/issues/219551 is fixed --> +<!-- You can also use project access tokens with Git to authenticate over HTTP or SSH. --> Project access tokens expire on the date you define, at midnight UTC. @@ -21,7 +28,7 @@ For examples of how you can use a project access token to authenticate with the 1. Log in to GitLab. 1. Navigate to the project you would like to create an access token for. -1. In the **{settings}** **Settings** menu choose **Access Tokens**. +1. In the **Settings** menu choose **Access Tokens**. 1. Choose a name and optional expiry date for the token. 1. Choose the [desired scopes](#limiting-scopes-of-a-project-access-token). 1. Click the **Create project access token** button. @@ -31,8 +38,14 @@ For examples of how you can use a project access token to authenticate with the ## Project bot users For each project access token created, a bot user will also be created and added to the project with -["Maintainer" level permissions](../../permissions.md#project-members-permissions). API calls made with a -project access token will be associated to the corresponding bot user. +["Maintainer" level permissions](../../permissions.md#project-members-permissions). + +For the bot: + +- The name is set to the name of the token. +- The username is set to `project_{project_id}_bot`, such as `project_123_bot`. + +API calls made with a project access token are associated with the corresponding bot user. These users will appear in **Members** but can not be modified. Furthermore, the bot user can not be added to any other project. @@ -41,10 +54,12 @@ When the project access token is [revoked](#revoking-a-project-access-token) the records will be moved to a system-wide user with the username "Ghost User". For more information, see [Associated Records](../../profile/account/delete_account.md#associated-records). +Project bot users are a [GitLab-created service account](../../../subscriptions/index.md#self-managed) and do not count as a licensed seat. + ## Revoking a project access token At any time, you can revoke any project access token by clicking the -respective **Revoke** button in **{settings}** **Settings > Access Tokens**. +respective **Revoke** button in **Settings > Access Tokens**. ## Limiting scopes of a project access token @@ -63,19 +78,30 @@ the following table. ### Enable or disable project access tokens -Project access tokens is an [Alpha](https://about.gitlab.com/handbook/product/#alpha) feature and is not recommended for production use. -It is deployed behind a feature flag that is **disabled by default**. +Project access tokens are deployed behind a feature flag that is **enabled by default**. [GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md) -can enable it for your instance. +can disable it for your instance, globally or by project. + +To disable it globally: + +```ruby +Feature.disable(:resource_access_token) +``` -To enable it: +To disable it for a specific project: + +```ruby +Feature.disable(:resource_access_token, project) +``` + +To enable it globally: ```ruby Feature.enable(:resource_access_token) ``` -To disable it: +To enable it for a specific project: ```ruby -Feature.disable(:resource_access_token) +Feature.enable(:resource_access_token, project) ``` |