Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/doc/user/project/settings/project_access_tokens.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/user/project/settings/project_access_tokens.md')
-rw-r--r--doc/user/project/settings/project_access_tokens.md60
1 files changed, 43 insertions, 17 deletions
diff --git a/doc/user/project/settings/project_access_tokens.md b/doc/user/project/settings/project_access_tokens.md
index 42ba2654b42..cbc4895f014 100644
--- a/doc/user/project/settings/project_access_tokens.md
+++ b/doc/user/project/settings/project_access_tokens.md
@@ -1,17 +1,24 @@
-# Project access tokens (Alpha) **(CORE ONLY)**
+---
+stage: Create
+group: Source Code
+info: "To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers"
+type: reference, howto
+---
-CAUTION: **Warning:**
-This is an [Alpha](https://about.gitlab.com/handbook/product/#alpha) feature, and it is subject to change at any time without
-prior notice.
+# Project access tokens **(CORE ONLY)**
> - [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/2587) in GitLab 13.0.
-> - It's deployed behind a feature flag, disabled by default.
+> - It was [deployed](https://gitlab.com/groups/gitlab-org/-/epics/2587) behind a feature flag, disabled by default.
+> - [Became enabled by default](https://gitlab.com/gitlab-org/gitlab/-/issues/218722) in GitLab 13.3.
> - It's disabled on GitLab.com.
-> - To use it in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-project-access-tokens).
+> - It can be enabled or disabled by project.
+> - It's recommended for production use.
+> - For GitLab self-managed instances, GitLab administrators can [disable it](#enable-or-disable-project-access-tokens).
Project access tokens are scoped to a project and can be used to authenticate with the [GitLab API](../../../api/README.md#personalproject-access-tokens).
-You can also use project access tokens with Git to authenticate over HTTP or SSH.
+<!-- Commented out until https://gitlab.com/gitlab-org/gitlab/-/issues/219551 is fixed -->
+<!-- You can also use project access tokens with Git to authenticate over HTTP or SSH. -->
Project access tokens expire on the date you define, at midnight UTC.
@@ -21,7 +28,7 @@ For examples of how you can use a project access token to authenticate with the
1. Log in to GitLab.
1. Navigate to the project you would like to create an access token for.
-1. In the **{settings}** **Settings** menu choose **Access Tokens**.
+1. In the **Settings** menu choose **Access Tokens**.
1. Choose a name and optional expiry date for the token.
1. Choose the [desired scopes](#limiting-scopes-of-a-project-access-token).
1. Click the **Create project access token** button.
@@ -31,8 +38,14 @@ For examples of how you can use a project access token to authenticate with the
## Project bot users
For each project access token created, a bot user will also be created and added to the project with
-["Maintainer" level permissions](../../permissions.md#project-members-permissions). API calls made with a
-project access token will be associated to the corresponding bot user.
+["Maintainer" level permissions](../../permissions.md#project-members-permissions).
+
+For the bot:
+
+- The name is set to the name of the token.
+- The username is set to `project_{project_id}_bot`, such as `project_123_bot`.
+
+API calls made with a project access token are associated with the corresponding bot user.
These users will appear in **Members** but can not be modified.
Furthermore, the bot user can not be added to any other project.
@@ -41,10 +54,12 @@ When the project access token is [revoked](#revoking-a-project-access-token) the
records will be moved to a system-wide user with the username "Ghost User". For more information,
see [Associated Records](../../profile/account/delete_account.md#associated-records).
+Project bot users are a [GitLab-created service account](../../../subscriptions/index.md#self-managed) and do not count as a licensed seat.
+
## Revoking a project access token
At any time, you can revoke any project access token by clicking the
-respective **Revoke** button in **{settings}** **Settings > Access Tokens**.
+respective **Revoke** button in **Settings > Access Tokens**.
## Limiting scopes of a project access token
@@ -63,19 +78,30 @@ the following table.
### Enable or disable project access tokens
-Project access tokens is an [Alpha](https://about.gitlab.com/handbook/product/#alpha) feature and is not recommended for production use.
-It is deployed behind a feature flag that is **disabled by default**.
+Project access tokens are deployed behind a feature flag that is **enabled by default**.
[GitLab administrators with access to the GitLab Rails console](../../../administration/feature_flags.md)
-can enable it for your instance.
+can disable it for your instance, globally or by project.
+
+To disable it globally:
+
+```ruby
+Feature.disable(:resource_access_token)
+```
-To enable it:
+To disable it for a specific project:
+
+```ruby
+Feature.disable(:resource_access_token, project)
+```
+
+To enable it globally:
```ruby
Feature.enable(:resource_access_token)
```
-To disable it:
+To enable it for a specific project:
```ruby
-Feature.disable(:resource_access_token)
+Feature.enable(:resource_access_token, project)
```
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-21 23:23:25 +0300