HTTPS based deploy keys (deploy tokens)
Zendesk: https://gitlab.zendesk.com/agent/tickets/31606
We have a client service that needs to clone a repository. It cannot use ssh, and thus cannot use a regular ssh-based deploy key. Is it possible to create an HTTP(S)-based deploy key, so that we can configure the client to access https://SECRETKEY@gitlaburl.com/repo.git?
The repo can be accessed like this:
git clone https://gitlab-ci-token:<YOUR_TOKEN>@<GITLAB_INSTANCE_URL>/<USERNAME_OR_GROUPNAME>/<REPO_NAME>.git
However, this presents the following worries:
- There is only one such token to be shared for all clients of a project. This makes it harder to revoke access, without having to revisit all client setups.
- The ci-token is unique to each project. If the client will need access to multiple projects, you will need to configure a unique token for each.
- It "feels wrong" to use a token that is specifically named "gitlab-ci-token" for something else.
Customer Proposal
Would it not be smart to extend the "deploy keys" concept with HTTPS-based keys, like this:
- Create the deploy key directly in the user interface (no need to run ssh-keygen locally)
- Works like the ssh-based deploy key, but for https
- Share it between projects, for easy manageability (?)
- Create multiple keys for multiple clients, and revoke the ones you need
Edited by Nick Thomas
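
An added example, not part of the original issue or of GitLab's code: one way a client could run the HTTPS clone shown above while supplying the token through `GIT_ASKPASS`, so it is not written into the clone's remote URL and rotating it means changing one variable. The function names, the `GITLAB_TOKEN` variable and the URLs in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: HTTPS clone with the project token kept out of the URL.
# Assumption: the token is provided in the GITLAB_TOKEN environment variable.

# Write a throwaway askpass helper and print its path. Git runs the helper
# with the prompt text as $1 ("Username for '...': " / "Password for '...': ").
make_askpass() {
    helper=$(mktemp) || return 1
    cat >"$helper" <<'EOF'
#!/bin/sh
case "$1" in
    Username*) printf '%s\n' "gitlab-ci-token" ;;
    Password*) printf '%s\n' "$GITLAB_TOKEN" ;;
    *) exit 1 ;;
esac
EOF
    chmod 700 "$helper"
    printf '%s\n' "$helper"
}

# $1 = credential-free URL (e.g. https://gitlab.example.com/group/repo.git)
# $2 = destination directory
clone_with_token() {
    [ -n "$GITLAB_TOKEN" ] || { echo "GITLAB_TOKEN is not set" >&2; return 2; }
    case "$1" in
        https://*@*) echo "refusing URL with embedded credentials" >&2; return 3 ;;
        https://*) ;;
        *) echo "only https:// URLs are accepted" >&2; return 3 ;;
    esac
    askpass=$(make_askpass) || return 1
    # An empty credential.helper resets the helper list, so the token is
    # not cached by a configured credential store either.
    GITLAB_TOKEN="$GITLAB_TOKEN" GIT_ASKPASS="$askpass" GIT_TERMINAL_PROMPT=0 \
        git -c credential.helper= clone "$1" "$2"
    status=$?
    rm -f "$askpass"
    return "$status"
}
```

This does not address the worries listed in the issue about a single shared, per-project token; it only keeps that token out of each client's stored repository configuration.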