Personal access tokens
Introduced in GitLab 8.8.
You can also use personal access tokens to authenticate against Git over HTTP or SSH. They must be used when you have Two-Factor Authentication (2FA) enabled. Authenticate with a token in place of your password.
To make authenticated requests to the API, use either the
private_token parameter or the
The expiration of personal access tokens happens on the date you define, at midnight UTC.
Creating a personal access token
You can create as many personal access tokens as you like from your GitLab profile.
- Log in to GitLab.
- In the upper-right corner, click your avatar and select Settings.
- On the User Settings menu, select Access Tokens.
- Choose a name and optional expiry date for the token.
- Choose the desired scopes.
- Click the Create personal access token button.
- Save the personal access token somewhere safe. Once you leave or refresh the page, you won't be able to access it again.
Revoking a personal access token
At any time, you can revoke any personal access token by clicking the respective Revoke button under the Active Personal Access Token area.
Limiting scopes of a personal access token
Personal access tokens can be created with one or more scopes that allow various actions that a given token can perform. The available scopes are depicted in the following table.
||GitLab 8.15||Allows access to the read-only endpoints under
||GitLab 8.15||Grants complete read/write access to the API, including all groups and projects, the container registry, and the package registry.|
||GitLab 9.3||Allows to read (pull) container registry images if a project is private and authorization is required.|
||GitLab 10.2||Allows performing API actions as any user in the system (if the authenticated user is an admin).|
||GitLab 10.7||Allows read-only access (pull) to the repository through git clone.|
||GitLab 11.11||Allows read-write access (pull, push) to the repository through git clone. Required for accessing Git repositories over HTTP when 2FA is enabled.|