From YouTube: Group Level Access Token Demo
Description
Group access tokens let you perform actions at the group level and manage the projects within the group with a single token. This demo shows how self-managed customers can create group access tokens through the Rails console to authenticate with the GitLab API. In 14.2, we've also fixed an issue that previously prevented group tokens from authenticating with Git over HTTP, so it's now possible to use a group token as Git credentials.
Group token workaround snippet: https://gitlab.com/gitlab-org/gitlab/-/snippets/2157599
Issue: https://gitlab.com/gitlab-org/gitlab/-/issues/330718
Milestone: 14.2
Group: Manage::Access
A
Hi, I'm Serena. I'm a back-end engineer on the Manage Access team at GitLab. Today, I'm going to show you how to use the group access token workaround to authenticate with the GitLab API. This workaround is only available for self-managed instances because it requires Rails console access. Also, since this is just a workaround, there is no official documentation and this feature is subject to change in future releases in 14.2.
A
You could use a personal access token associated with a real user in the group, but it's not best practice to use an individual's credentials, since this creates an over-privileged account and can break scripts that use that token if the associated user ever leaves the group. You could also create a project access token for each project within the group, but it can become complicated to manage that many project tokens.
A
A better solution in this use case is to use a group-level access token. While we don't currently support group access token creation through the UI, it is possible to create group-level tokens via the Rails console. Please note that this workaround does require access to the Rails console, so this is only available for self-managed instances until we officially support this feature.
A
So, let's fire up the Rails console and create a group token. The bot user's name is the name of the token. Their username should follow the pattern group underscore group id underscore bot, so here it's group 109 bot. Their email should be group group id bot at example.com, and their user type should be projectbot.