Skip to content

GitLab Personal Access Token

Service Name: GitLab

Service Description: GitLab is a web-based DevOps lifecycle tool that provides a Git repository manager providing wiki, issue-tracking and continuous integration/continuous deployment pipeline features.

Service Address: https://gitlab.com/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level for GitLab self-managed instances or through GitLab Premium/Ultimate for GitLab.com.

Secret Access Scope: Grants programmatic access to GitLab repositories, projects, and APIs based on the scopes selected when creating the token.

Secret Revokement URL: https://gitlab.com/-/profile/personal_access_tokens

Secret Example: glpat-XYZ1234abcdefghijklmnopqrstuvwxyz56789

Suspicious Activity Investigation Instructions:

  • Review GitLab audit logs for unusual activity associated with the token
  • Check for unauthorized repository access, code changes, or project modifications
  • Monitor for unexpected API calls or resource access
  • Examine project history for unauthorized commits or merges
  • Review runner activity for unauthorized CI/CD pipeline executions

Mitigation Instructions:

  • Log in to your GitLab account
  • Navigate to your user profile by clicking on your avatar in the top-right corner
  • Select "Edit profile"

  • Click on "Access Tokens" in the left sidebar

  • Locate the compromised token in the list
  • Click the "Revoke" button next to the token
  • Create a new token with appropriate scopes if needed
  • Review project access permissions and update as necessary
  • Enable two-factor authentication if not already enabled
  • Consider implementing shorter token expiration periods for future tokens