Make Notification emails for Personal Access Token creation a configurable setting

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Close this issue

Background

In 14.9 a new security was implemented described in this issue and part of this MR.

The feature consist in sending a notification email to all users every time a new access token is generated/renewed. This is part of security best practices.

Problem to solve

There's customers that have a Vault integration, and after every login log in, GitLab users are issued a token that’s only valid for certain time (i.e. 12 hour). So since the introduction of such feature, everyone is getting an email at least 1x a day about a new token that’s being sent out.

Proposal

Make this Notification emails for Personal Access Token creation, optional for all users, and let the admins select which users will receive the notifications or disabled at all

Workaround

Create a rule in the mail server to filter those emails

Edited Jun 09, 2025 by 🤖 GitLab Bot 🤖