You need to sign in or sign up before continuing.

Admin Token API: Revoke pipeline trigger tokens

Proposal

The Admin Token API allows revoking arbitrary tokens. It can be used to identify what a token does, e.g. in the context of leaked tokens, and revoke it.

It currently lacks support to revoke pipeline trigger tokens. See the current implementation status. Identification is already supported.

According to the documentation, pipeline trigger tokens can only be deleted, not revoked or resetted. Therefore we should do the same in this API endpoint and use the existing ::Ci::PipelineTriggers::DestroyService.new.

DELETE /api/v4/admin/token

{"token": "glptt-..."}

Should delete the pipeline trigger token and return a 204.

Afterwards, retrieving the token should fail, because the token has been deleted.

References

&15777
https://docs.gitlab.com/ee/api/admin/token.html

Edited Feb 06, 2025 by Nicholas Wittstruck