feat: Add support for GitLab Token rotation (!398) · Merge requests · GitLab.com / GitLab Infrastructure Team / pmv

Andrew Newdigate requested to merge gitlab-token-rotation into main May 17, 2024

Adds a new GitLab Token rotation command.

`rotate gitlab <tag>`

Uses the GitLab Token rotation API to rotate a token. By default, the new token will have an expiry 1 day less than 1 year into the future.

$ pmv rotate gitlab "MyTag"
pmv: 🔓 Fetching 1password items tag=Dedicated/Sandbox/GitLab.com/PAT:Personal
pmv: 🧩 Loaded item title="GitLab Access Token: GitLab.com PAT for Sandbox Access (api): https://gitlab.com: andrewn"
pmv: 🔓 Complete, loaded items...
pmv: 🔑  Rotating token in GitLab...
pmv: 🔑  New token expiry date... expires_at=2025-05-16
pmv: 🐣  Creating new 1password item...
pmv: 🐣 Created item link=https://start.1password.com/open/...
pmv: 🗑️  Deleting old 1password item.
pmv: 🚀 Rotation complete...

Unfortunately this can only be used for Personal Access Tokens at present, until gitlab-org/gitlab#462419 (closed) is resolved.
Use the --expires argument to set an expiry. This can either be a date in YYYY-MM-DD format, for a duration, eg: 30d.

Edited May 17, 2024 by Andrew Newdigate

feat: Add support for GitLab Token rotation

rotate gitlab <tag>

Merge request reports

`rotate gitlab <tag>`