Skip to content

Use a lower role for project token

Marcel Amirault requested to merge docs-api-token-role into main

What does this MR do and why?

After rotating tokens today, we realized we were giving our token too high a role. It only needs Developer to be able to start/stop environments, create pipelines, etc.

I've already create a fresh token with this lower role and triggered a review app from gitlab-org/gitlab, which deployed successfully.

Screenshots, screen recordings, or links to review app

These are strongly recommended to assist reviewers and reduce the time to merge your change.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. Configure a local GitLab Docs environment: https://gitlab.com/gitlab-org/gitlab-docs/-/blob/main/doc/setup.md.

Merge request acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Marcel Amirault

Merge request reports