Using GitLab token to clone without authentication

M

19

323

I want to clone GitLab repository without prompt for my automation script, by using my private token from my GitLab account.

Can someone provide me a sample?

I know I can do so with user and password:

git clone https://" + user + ":" + password + "@" + gitlaburl;

and I know it is possible with ssh key

But, both options are insufficient.

Merriweather answered 20/8, 2014 at 16:18 Comment(3)

git clone https://<token-name>:<token>@gitlaburl – Walter 10/5, 2019 at 3:44

for me the usefull syntax was: https://$GIT_USERNAME:$GITLAB_PERSONAL_ACCESS_TOKEN@gitlaburl – Adolf 20/5, 2021 at 12:58

for me the usefull syntax was: pat:<token>@gitlab.com/org/proj – Matti 1/11, 2022 at 18:18

R

482

This is how you do it:

git clone https://oauth2:[email protected]/vendor/package.git

Respectful answered 10/4, 2015 at 21:5 Comment(15)

This worked for me on GitLab 8.5.7 Enterprise Edition. – Mcdougal 5/8, 2016 at 2:45

Works here (GitLab Community Edition 8.16.5 064dab1) – Bourn 6/4, 2017 at 16:15

It works! I wonder why on gitlab.com on project details they don't give the complete command syntax :-(( – Patchy 28/2, 2018 at 17:16

Works for Gitlab 10.4.4 but you need to make an api token. A read_user can only read repos under /users – Foote 17/3, 2018 at 15:22

If there is a submodule inside, which hosted under the same account, the clone will still prompt to type in username and password. Is there any workaround? – Dextrad 10/9, 2018 at 18:14

The oauth2 portion is probably arbitrary. I put the name of the access token instead. – Ewold 16/10, 2018 at 20:19

This worked for me, after create token with API permissions – Gunpaper 8/11, 2018 at 11:56

How to use this over ssh? – Topliffe 2/4, 2019 at 6:0

This answer helped me a lot but a pratical example solved my problem. Supposing to use GitLab, the solution is "git clone oauth2:[email protected]/pippo/projectname.git", where PERSONAL_ACCESS_TOKEN = a3Fae3FaQty5aq and pippo = username. Hope it will be helpful – Subjoinder 19/6, 2020 at 7:25

Even read_api and write_api permissions are not enough. You have to have api. – Reddy 2/12, 2020 at 14:48

Gitlab dot com should have this on their landing page under "cloning your repo ? do this first" – Hassiehassin 5/1, 2022 at 4:1

On Gitlab 14.7 (probably earlier versions too) any username (even blank username) will do as well: git clone https://xxx:[email protected]/group/project.git Change xxx for empty string or any of your choice – Suggestible 8/2, 2022 at 19:9

@EllaSharakanski - currently, using https access, the read_repository permission is sufficient in order to clone a git repository. – Kirkcudbright 21/11, 2022 at 13:3

git clone https://:[email protected]/group/projet.git – Converse 15/2, 2023 at 20:58

For people coming here in 2024 and wondering why this is not working... the create token dialog has a new dropdown called "Role". I think at least "developer" or higher needs to bee selected for this to work 👍️ – Deni 16/1 at 12:1

E

140

The gitlab has a lot of tokens:

Private token
Personal Access Token
CI/CD running token

I tested only the Personal Access Token using GitLab Community Edition 10.1.2, the example:

git clone https://gitlab-ci-token:${Personal Access Tokens}@gitlab.com/username/myrepo.git


git clone https://oauth2:${Personal Access Tokens}@gitlab.com/username/myrepo.git

or using username and password:

git clone https://${username}:${password}@gitlab.com/username/myrepo.git

or by input your password:

git clone https://${username}@gitlab.com/username/myrepo.git

But the private token seems can not work.

Edelstein answered 24/11, 2017 at 10:18 Comment(3)

Note that private tokens were removed in favour of personal access tokens in GitLab 10.2: about.gitlab.com/2017/09/22/gitlab-10-0-released/… – Faiyum 11/11, 2018 at 6:5

And about user+password+token? How to express all in one URL? Now my gitlab-software server use all, login and two-factor (or token). – Forbade 6/1, 2021 at 22:53

what are the differences for gitlab-ci-token, oauth2 and x-access-token? all of these 3 work for me. – Geniegenii 20/4, 2022 at 6:44

D

60

Use the token instead of the password (the token needs to have "api" scope for clone to be allowed):

git clone https://username:[email protected]/user/repo.git

Tested against 11.0.0-ee.

Deaminate answered 22/6, 2018 at 5:14 Comment(3)

For people Googling this: this is what you want if using Personal Access Tokens over HTTPS on gitlab.com. – Urano 10/8, 2019 at 13:50

Isn't it amazing that we have to find this here and not on the GitLab Docs page on Personal Access Tokens? – Nutwood 14/2, 2021 at 5:54

Thx for "the token needs to have "api" scope for clone to be allowed"! – Synaeresis 19/8, 2022 at 9:44

M

53

You can do it like this:

git clone https://gitlab-ci-token:<private token>@git.example.com/myuser/myrepo.git

Monomerous answered 25/1, 2016 at 22:39 Comment(9)

this seems right but it always fails authentication for me :( – Luscious 25/4, 2016 at 1:52

same to me: fatal: Authentication failed for – Sternick 3/5, 2016 at 10:22

<private token> needs to be replaced with the CI runner's token, not the account's private token. – Stationmaster 2/6, 2016 at 15:8

i think you should also be able to use your personal token right @tim – Stidham 2/7, 2016 at 10:55

You can use the project specific ci token (enable builds, then go to the project/runners config). – Severin 26/7, 2016 at 19:10

but I host an gitlab server for myself and its version is 6.6.2. I only have private token. When I run the command git clone https://" + user + ":" + password + "@" + gitlaburl; I got error fatal: Authentication failed for . same as @Sternick – Cysto 9/2, 2017 at 12:2

It still works for me. @Cysto Did you try generating the personal access token with api scope, from the Acess Tokens section under user settings. – Airliah 8/3, 2018 at 6:52

tested using personal access token, works as of 2019-03 – Noami 4/3, 2019 at 15:29

This solution worked for me, the highest voted solution (using oauth2) did not work. Literally just changed from oauth2 to gitlab-ci-token and it started working – Alamode 8/3, 2019 at 20:2

L

36

If you already has a repository and just changed the way you do authentication to MFA, u can change your remote origin HTTP URI to use your new api token as follows:

git remote set-url origin https://oauth2:TOKEN@ANY_GIT_PROVIDER_DOMAIN/YOUR_PROJECT/YOUR_REPO.git

And you wont need to re-clone the repository at all.

Longanimity answered 3/9, 2018 at 17:51 Comment(1)

git clone https://oauth2:TOKEN@ANY_GIT_PROVIDER_DOMAIN/YOUR_PROJECT/YOUR_REPO.git also worked for me, thank you!! I will Answer this thread with my correct solution. – Gunpaper 8/11, 2018 at 11:54

H

16

You can use the runners token for CI/CD Pipelines of your GitLab repo.

git clone https://gitlab-ci-token:<runners token>@git.example.com/myuser/myrepo.git

Where <runners token> can be obtained from:

git.example.com/myuser/myrepo/pipelines/settings

or by clicking on the Settings icon -> CI/CD Pipeline and look for Runners Token on the page

Screenshot of the runners token location:

Holeandcorner answered 17/8, 2016 at 7:2 Comment(6)

Note: The runners token has been deprecated now. – Weighted 22/9, 2016 at 12:34

@ArihantGodha source? – Remonstrance 23/9, 2016 at 10:22

@Remonstrance see here (as of >= 8.12) – Zygodactyl 21/10, 2016 at 11:19

This format is now deprecated, please see stackoverflow.com/questions/25409700/… – Pirnot 17/11, 2017 at 9:43

Doesn't work from inside GitLab CI pipeline. But this line works: git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com/... – Starstarboard 30/8, 2018 at 13:47

@Starstarboard It does, but the project you want to clone needs to allow that first. See Settings → CI/CD Settings → Token Access – Bionics 27/9, 2023 at 0:25

T

15

Many answers above are close, but they get ~username syntax for deploy tokens incorrect. There are other types of tokens, but the deploy token is what gitlab offers (circa 2020+ at least) per repo to allow customized access, including read-only.

From a repository (or group), find the settings --> repository --> deploy tokens. Create a new one. A username and token field are created. The username is NOT a fixed value by default; it's unique to this token.

git clone https://<your_deploy_token_username>:<the_token>@gitlab.com/your/repo/path.git

Tested on gitlab.com public, free account.

Tegantegmen answered 1/7, 2020 at 3:36 Comment(0)

S

13

Inside a GitLab CI pipeline the CI_JOB_TOKEN environment variable works for me:

git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com/...

Source: Gitlab Docs

BTW, setting this variable in .gitlab-ci.yml helps to debug errors.

variables:
    CI_DEBUG_TRACE: "true"

Starstarboard answered 30/8, 2018 at 13:50 Comment(0)

P

13

One possible way is using a deploy token (https://docs.gitlab.com/ee/user/project/deploy_tokens). After creating the token, use:

git clone https://<username>:<deploy_token>@gitlab.example.com/tanuki/awesome_project.git

as mentioned in the link above.

Peplum answered 2/9, 2018 at 11:59 Comment(1)

Neither does this seem to be working with npm install on a fresh docker container, defaults to ssh. – Brundisium 17/4, 2019 at 10:57

Z

10

As of 8.12, cloning using HTTPS + runner token is not supported anymore, as mentioned here:

In 8.12 we improved build permissions. Being able to clone project using runners token it is no supported from now on (it was actually working by coincidence and was never a fully fledged feature, so we changed that in 8.12). You should use build token instead.

This is widely documented here - https://docs.gitlab.com/ce/user/project/new_ci_build_permissions_model.html.

Zygodactyl answered 21/10, 2016 at 11:51 Comment(4)

It isn't possible using runners tokens but is using personal access tokens. Please see my answer: stackoverflow.com/questions/25409700/… – Pirnot 17/11, 2017 at 9:42

@MuhanAlim I'd recommend no one to expose their whole account using access tokens. That's why they are called Private Access Tokens! – Zygodactyl 17/11, 2017 at 11:9

The question doesn't mention anything about making the key public, only how to use the key in place of a username and password for cloning. But that it is a good point, I would not recommend anyone use the keys anywhere that is public. – Pirnot 17/11, 2017 at 11:45

automation script implies that the whole procedure is not running locally. Probably somewhere where others also have access to. – Zygodactyl 17/11, 2017 at 15:19

A

8

These days (Oct 2020) you can use just the following

git clone $CI_REPOSITORY_URL

Which will expand to something like:

git clone https://gitlab-ci-token:[MASKED]@gitlab.com/gitlab-examples/ci-debug-trace.git

Where the "token" password is ephemeral token (it will be automatically revoked after a build is complete).

Anguilliform answered 19/10, 2020 at 15:49 Comment(1)

How does it know the repository URL that you want? Seems like this would only work in CI/CD for the current repo. – Converse 15/2, 2023 at 21:0

G

5

To make my future me happy: RTFM - don't use the gitlab-ci-token at all, but the .netrc file.

There are a couple of important points:

echo -e "machine gitlab.com\nlogin gitlab-ci-token\npassword ${CI_JOB_TOKEN}" > ~/.netrc
Don't forget to replace "gitlab.com" by your URL!
Don't try to be smart and create the .netrc file directly - gitlab will not replace the $CI_JOB_TOKEN within the file!
Use https://gitlab.com/whatever/foobar.com - not ssh://git@foobar, not git+ssh://, not git+https://. You also don't need any CI-TOKEN stuff in the URL.
Make sure you can git clone [url from step 4]

Background: I got

fatal: could not read Username for 'https://gitlab.mycompany.com': No such device or address

when I tried to make Ansible + Gitlab + Docker work as I imagine it. Now it works.

Guayule answered 17/6, 2019 at 15:19 Comment(1)

I really like this answer as it doesn't require changing the git repo URL in any way. This is super useful if you have an install script where it is difficult or unwanted to change the URLs. – Reorder 3/2 at 17:6

D

4

In my case, I just provided the token instead the password (second input field).

I pushed a local repo for the first time from the command line.

From the scratch, these are the commands I entered (remember to move inside the repo's folder first).

$ git init

$ git status

$ git add .

$ git status

$ git commit -m 'Shinra Tensei.'

$ git push --set-upstream https://gitlab.com/userName/my-repo.git master

Then, the pop-up message you can see in the picture comes up. Provided USERNAME and TOKEN.

Dolph answered 29/7, 2021 at 15:46 Comment(1)

thank you so much, your answer helped me – Primacy 12/11, 2021 at 6:16

M

4

Using PAT (Personal Access Token):

https://pat:<your-token>@gitlab.com/<org>/<proj>

Matti answered 3/3, 2023 at 13:41 Comment(1)

I couldn't find any documentation on this, but it works! – Sasser 13/6, 2023 at 20:44

T

3

I went SSH using the per project deploy keys setting (read only)

Tudor answered 8/2, 2017 at 8:25 Comment(1)

Me too because I am using GIT_STRATEGY: none. – Monosaccharide 22/3, 2018 at 8:59

B

1

One issue I had here was the Project Access Token in private repo will not work if you select "Guest" when creating the token. Using "Reporter" or any other solves the issue.

Blinding answered 16/9, 2023 at 15:3 Comment(0)

O

0

you can change your:

user:oauth2
password : <youraccesstoken>

example:

git clone https://oauth2:<token>@hahahehe.com/yourname/yourproject.git

Oloughlin answered 10/1, 2023 at 4:37 Comment(0)

M

0

It may help: In your gitlab-ci file: Add this on before script step

before_script:
  - git config --global credential.helper store
  - echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@${CI_SERVER_HOST}" >> ~/.git-credentials
  - chmod 600 ~/.git-credentials

Thanks

Morin answered 27/2, 2023 at 9:55 Comment(0)

V

-2

Customising the URL is not needed. Just use a git configuration for gitlab tokens such as

git config --global gitlab.accesstoken {TOKEN_VALUE}

extended description here

Vulvitis answered 16/2, 2020 at 7:59 Comment(3)

This did not work for me and I also couldn't find documentation anywhere on a config option with this name – Faythe 3/11, 2020 at 0:2

Have you read the article in the link? This variable is what gitlab will take from your git client to authenticate and you need a personal access token. – Vulvitis 3/11, 2020 at 1:0

I did read the linked article. gitlab.accesstoken does not do anything and there is no documentation anywhere on GitLab referencing it – Faythe 3/11, 2020 at 15:40

Recommended topics

Hot tags