Using GitLab token to clone without authentication

188
votes

I want to clone GitLab repository without prompt for my automation script, by using my private token from my GitLab account.

Can someone provide me a sample?

I know I can do so with user and password:

git clone https://" + user + ":" + password + "@" + gitlaburl;

and I know it is possible with ssh key

But, both options are insufficient.

15
gitlab
git clone https://<token-name>:<token>@gitlaburlKinght 金
for me the usefull syntax was: https://$GIT_USERNAME:$GITLAB_PERSONAL_ACCESS_TOKEN@gitlaburluser1767316

15 Answers

274
votes

I know this is old but this is how you do it:

git clone https://oauth2:[email protected]/vendor/package.git

59
votes

The gitlab has a lot of tokens:

  • Private token
  • Personal Access Token
  • CI/CD running token

I tested only the Personal Access Token using GitLab Community Edition 10.1.2, the example:

git clone https://gitlab-ci-token:${Personal Access Tokens}@gitlab.com/username/myrepo.git


git clone https://oauth2:${Personal Access Tokens}@gitlab.com/username/myrepo.git

or using username and password:

git clone https://${username}:${password}@gitlab.com/username/myrepo.git

or by input your password:

git clone https://${username}@gitlab.com/username/myrepo.git

But the private token seems can not work.

43
votes

You can do it like this:

git clone https://gitlab-ci-token:<private token>@git.example.com/myuser/myrepo.git
32
votes

Use the token instead of the password (the token needs to have "api" scope for clone to be allowed):

git clone https://username:[email protected]/user/repo.git

Tested against 11.0.0-ee.

19
votes

If you already has a repository and just changed the way you do authentication to MFA, u can change your remote origin HTTP URI to use your new api token as follows:

git remote set-url origin https://oauth2:TOKEN@ANY_GIT_PROVIDER_DOMAIN/YOUR_PROJECT/YOUR_REPO.git

And you wont need to re-clone the repository at all.

14
votes

You can use the runners token for CI/CD Pipelines of your GitLab repo.

git clone https://gitlab-ci-token:<runners token>@git.example.com/myuser/myrepo.git

Where <runners token> can be obtained from:

git.example.com/myuser/myrepo/pipelines/settings

or by clicking on the Settings icon -> CI/CD Pipeline and look for Runners Token on the page

Screenshot of the runners token location: Screenshot of the runners token location

10
votes

One possible way is using a deploy token (https://docs.gitlab.com/ee/user/project/deploy_tokens). After creating the token, use:

git clone https://<username>:<deploy_token>@gitlab.example.com/tanuki/awesome_project.git

as mentioned in the link above.

9
votes

As of 8.12, cloning using HTTPS + runner token is not supported anymore, as mentioned here:

In 8.12 we improved build permissions. Being able to clone project using runners token it is no supported from now on (it was actually working by coincidence and was never a fully fledged feature, so we changed that in 8.12). You should use build token instead.

This is widely documented here - https://docs.gitlab.com/ce/user/project/new_ci_build_permissions_model.html.

8
votes

Inside a GitLab CI pipeline the CI_JOB_TOKEN environment variable works for me:

git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com/...

Source: Gitlab Docs

BTW, setting this variable in .gitlab-ci.yml helps to debug errors.

variables:
    CI_DEBUG_TRACE: "true"
5
votes

many answers above are close, but they get ~username syntax for deploy tokens incorrect. There are other types of tokens, but the deploy token is what gitlab offers (circa 2020+ at least) per repo to allow customized access, including read-only.

from a repository (or group), find the settings --> repository --> deploy tokens. Create a new one. A username and token field are created. The username is NOT a fixed value by default; it's unique to this token.

git clone https://<your_deploy_token_username>:<the_token>@gitlab.com/your/repo/path.git

tested on gitlab.com public, free account.

2
votes

I went SSH using the per project deploy keys setting (read only)

1
votes

To make my future me happy: RTFM - don't use the gitlab-ci-token at all, but the .netrc file.

There are a couple of important points:

  1. echo -e "machine gitlab.com\nlogin gitlab-ci-token\npassword ${CI_JOB_TOKEN}" > ~/.netrc
  2. Don't forget to replace "gitlab.com" by your URL!
  3. Don't try to be smart and create the .netrc file directly - gitlab will not replace the $CI_JOB_TOKEN within the file!
  4. Use https://gitlab.com/whatever/foobar.com - not ssh://git@foobar, not git+ssh://, not git+https://. You also don't need any CI-TOKEN stuff in the URL.
  5. Make sure you can git clone [url from step 4]

Background: I got

fatal: could not read Username for 'https://gitlab.mycompany.com': No such device or address

when I tried to make Ansible + Gitlab + Docker work as I imagine it. Now it works.

1
votes

These days (Oct 2020) you can use just the following

git clone $CI_REPOSITORY_URL

Which will expand to something like:

git clone https://gitlab-ci-token:[MASKED]@gitlab.com/gitlab-examples/ci-debug-trace.git

Where the "token" password is ephemeral token, it should be revoked after a build is complete.

0
votes

In my case, I just provided the token instead the password (second input field).

enter image description here

I pushed a local repo for the first time from the command line.

From the scratch, these are the commands I entered (remember to move inside the repo's folder first).

$ git init

$ git status

$ git add .

$ git status

$ git commit -m 'Shinra Tensei.'

$ git push --set-upstream https://gitlab.com/userName/my-repo.git master

Then, the pop-up message you can see in the picture comes up. Provided USERNAME and TOKEN.

-1
votes

Customising the URL is not needed. Just use a git configuration for gitlab tokens such as

git config --global gitlab.accesstoken {TOKEN_VALUE}

extended description here