Rails: Investigate how to replace PAT with ephemeral tokens
MR: Pending
Description
User Personal Access Tokens(PATs) being injected into the workspace are long lived credentials which we want to avoid. The issue is an investigation into how we can replace it with ephemeral(OIDC/OAuth/JWT tokens).
Acceptance Criteria
-
How we can replace PATs with other ephemeral tokens and how complex it would be -
Private project is cloned -
GitLab operations from within the workspace(not just from the project directory but anywhere in the workspace and not just limited to git operations) - clone any GitLab project or push/pull to/from the existing ones present in the workspace
- interact with GitLab API
- pull a container image from GitLab Container Registry
- pull a helm chart from GitLab Package Registry
- any other GitLab operation that should occur transparently with the token
Edited by Vishal Tak