diff options
Diffstat (limited to 'doc/security/token_overview.md')
| -rw-r--r-- | doc/security/token_overview.md | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/doc/security/token_overview.md b/doc/security/token_overview.md index e585f2caeca..0c9734cad36 100644 --- a/doc/security/token_overview.md +++ b/doc/security/token_overview.md @@ -1,7 +1,7 @@ --- stage: Manage group: Authentication and Authorization -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments type: reference --- @@ -129,7 +129,7 @@ This table shows available scopes per token. Scopes can be limited further on to also generally logged by proxies and application servers, which makes those credentials visible to system administrators. Instead, pass API calls an access token using headers like [the `Private-Token` header](../api/index.md#personalprojectgroup-access-tokens). - Tokens can also be stored using a [Git credential storage](https://git-scm.com/book/en/v2/Git-Tools-Credential-Storage). -- Tokens should not be committed to your source code. Instead, consider an approach such as [using external secrets in CI](../ci/secrets/index.md). +- Tokens must not be committed to your source code. Instead, consider an approach such as [using external secrets in CI](../ci/secrets/index.md). - When creating a scoped token, consider using the most limited scope possible to reduce the impact of accidentally leaking the token. - When creating a token, consider setting a token that expires when your task is complete. For example, if performing a one-off import, set the token to expire after a few hours or a day. This reduces the impact of a token that is accidentally leaked because it is useless when it expires. |