Add shared secrets for Suggested Reviewers GitLab internal API
We consider adding a GitLab internal API endpoint to allow Suggested Reviewers to request project access tokens.
- This API is authenticated via a time-based JWT token.
- The token is signed using a shared secret that is deployed in GitLab and Extracteur and included in every request.
- The primary client of this endpoint is Extracteur which will use the generated token to subsequently query merge requests via the public GraphQL endpoint.
Related issue https://gitlab.com/gitlab-org/gitlab/-/issues/379635
Details
- Point of contact for this request: @tle_gitlab @a_akgun @mray2020
- If a call is needed, what is the proposed date and time of the call: Date and Time
- Additional call details (format, type of call): additional details
SRE Support Needed
- Create a shared secret and share it via 1Password
- Add the secret to
gitlab-secrets
Helm file - Update the
gitlab.yml
config to include a reference to the secret file path (see MR) - Add secret and config to
gitlab-omnibus
Notes
- Similar issue that adds secrets to authenticate to Suggested Reviewers service
Edited by Tan Le