Description
Quick demo of https://about.gitlab.com/releases/2022/11/22/gitlab-15-6-released/#beta-automatic-revocation-of-leaked-personal-access-tokens
GitLab Secret Detection finds leaked credentials in your codebase so you can revoke them and protect your organization. It detects many kinds of sensitive values, including GitLab Personal Access Tokens.
GitLab is dogfooding a new feature where Personal Access Tokens on GitLab.com are automatically revoked if Secret Detection finds them leaked on the default branch of a public repository.
If your organization is interested in participating in this open beta, please let us know using the form linked in the above release post.
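The description above explains that Secret Detection finds GitLab Personal Access Tokens that have been committed and that the revocation flow acts on those findings. The script below is an added example, not GitLab's own Secret Detection analyzer or any code from the release post: it assumes the current PAT format (a `glpat-` prefix followed by 20 token characters), scans a constructed `.gitlab-ci.yml` in which a made-up token has been pasted into a `variables` block, as in the demo, and reports each hit with its line number and a redacted value so the finding can be triaged without re-leaking the secret.

```python
"""Minimal secret-detection check for GitLab Personal Access Tokens.

Added example; not GitLab's own analyzer. Assumes the "glpat-" PAT format
and scans a constructed CI file for it, reporting file, 1-based line and a
redacted form of each match.
"""
import re

# Assumption (not from the page): PATs carry the "glpat-" prefix and a
# 20-character body drawn from [A-Za-z0-9_-].
GITLAB_PAT_RE = re.compile(r"glpat-[A-Za-z0-9_-]{20}")

# Constructed sample mirroring the demo: a token pasted into a variables
# block. The value is made up and is not a real token.
SAMPLE_CI_YML = """\
stages:
  - test

variables:
  MY_SECRET_GITLAB_PAT_TOKEN: "glpat-AbCdEfGhIjKlMnOpQrSt"
  SAFE_VALUE: "not-a-token"

include:
  - template: Security/Secret-Detection.gitlab-ci.yml
"""


def redact(token: str) -> str:
    """Keep only the prefix and the last four characters so a report is safe to share."""
    return f"{token[:6]}...{token[-4:]}"


def scan_text(text: str, path: str = "<memory>") -> list[dict]:
    """Return one finding per PAT-shaped string: path, 1-based line and redacted value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in GITLAB_PAT_RE.finditer(line):
            findings.append({
                "path": path,
                "line": lineno,
                "redacted": redact(match.group(0)),
            })
    return findings


def scan_file(path: str) -> list[dict]:
    """Scan a file on disk; suitable for a local pre-commit hook before pushing."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return scan_text(fh.read(), path)


if __name__ == "__main__":
    # Run stand-alone: prints the redacted finding from the constructed sample.
    for f in scan_text(SAMPLE_CI_YML, ".gitlab-ci.yml"):
        print(f"{f['path']}:{f['line']}: GitLab PAT {f['redacted']}")
```

A local check like this catches the paste before it reaches the default branch, which is the point at which the automatic revocation described above fires; the server-side Secret Detection job remains the authoritative control, and the `include` line in the sample is the standard way to enable it in a pipeline.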
So you can click through right here to see the basic documentation of either the secret detection feature or the actual high-level architecture for how this revocation flow works. But let's just give it a try.

So the first thing we're going to do here is we're going to sign in with a test user, and this should be enabled on any individual user. So in this case we're really just using a separate test user, so I don't accidentally one of my employee tokens.

Now we're going to sign in and go straight to our profile page.

For now we're just going to leave this standard expiration, and the scope doesn't really matter in the case of this feature, but we're going to just stick with the most minimal scope we can, just to ensure that we're minimizing our risk. So we're going to go with the read user scope. We'll create that access token and showcase it here, go ahead and copy that to my clipboard, and then over here I have my separate user. Now, part of the reason I'm using a separate user here.

So as a prerequisite, we need to have secret detection running to detect these tokens. If we go over to our vulnerability report, you can also see that no tokens have yet been detected, so this is empty, and we will go back to the default branch. Let's go ahead and just open, really any file works here, but we'll do it right here: add a new variables block, and we'll call this my secret GitLab PAT token, and we'll copy this one here.

Meanwhile, that will kick off a secondary call that will revoke the token, and when we reload our page here, we will no longer see an active personal token, since this will soon be revoked.

Okay, so the configuration is valid, thankfully, and we can go over to the pipeline page to see our latest pipeline.

We see that we no longer have an active personal access token, and if we refresh our vulnerability page here, we still see that it needs triage, because there was a leak. It requires a certain to review the change and make sure that it was not used in the second or so that it was live, and if you click through, scroll to the bottom here, you will see "detected one minute ago in this pipeline", and that is the feature.

This open beta is rolling out to users gradually as we're taking on test groups and ensuring that it works as expected and keeps everyone on the platform safe. You will see further news about this in upcoming releases. Thank you for listening, and reach out if you have any questions.