GitLab Personal Access Token
Service Name: GitLab
Service Description: GitLab is a web-based DevOps lifecycle tool that provides a Git repository manager providing wiki, issue-tracking and continuous integration/continuous deployment pipeline features.
Service Address: https://gitlab.com/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level for GitLab self-managed instances or through GitLab Premium/Ultimate for GitLab.com.
Secret Access Scope: Grants programmatic access to GitLab repositories, projects, and APIs based on the scopes selected when creating the token.
Secret Revokement URL: https://gitlab.com/-/profile/personal_access_tokens
Secret Example: glpat-XYZ1234abcdefghijklmnopqrstuvwxyz56789
Suspicious Activity Investigation Instructions:
- Review GitLab audit logs for unusual activity associated with the token
- Check for unauthorized repository access, code changes, or project modifications
- Monitor for unexpected API calls or resource access
- Examine project history for unauthorized commits or merges
- Review runner activity for unauthorized CI/CD pipeline executions
Mitigation Instructions:
- Log in to your GitLab account
- Navigate to your user profile by clicking on your avatar in the top-right corner
-
Select "Edit profile"
-
Click on "Access Tokens" in the left sidebar
- Locate the compromised token in the list
- Click the "Revoke" button next to the token
- Create a new token with appropriate scopes if needed
- Review project access permissions and update as necessary
- Enable two-factor authentication if not already enabled
- Consider implementing shorter token expiration periods for future tokens