### Problem to solve <!-- What problem do we solve? --> Performing Gitlab Releases from CI/CD through the API requires the use of a personal token, which may jeopardize security if there are other members of sufficient access on that project. ### Intended users <!-- Who will use this feature? If known, include any of the following: types of users (e.g. Developer), personas, or specific company roles (e.g. Release Manager). It's okay to write "Unknown" and fill this field in later. Personas can be found at https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/ --> Unknown ### Further details <!-- Include use cases, benefits, and/or goals (contributes to our vision?) --> Currently, if one wishes to create a project release from that project's Gitlab CI/CD, they would have to create and add their own personal token as a masked and protected variable and use the Gitlab API. However, this presents a security risk if there are other members on the team with maintainer or owner access who can view this masked and protected key from the UI: these team members, through the personal token can now access any project under the control of the person who generated the personal token. ### Proposal One solution could be deploy tokens, which allow for granular per project access, and is automatically passed to the CI/CD system. By allowing these to have write access, they can be used by the CI/CD system to perform Gitlab releases through the API. In this way, there is no need for a team member to post their own personal access token to a project. Alternatively, we could have a dedicated release token which is activated through the UI, that would give permissions for the CI/CD system to generate/edit releases and do nothing else. <!-- How are we going to solve the problem? Try to include the user journey! https://about.gitlab.com/handbook/journeys/#user-journey --> ### Permissions and Security <!-- What permissions are required to perform the described actions? Are they consistent with the existing permissions as documented for users, groups, and projects as appropriate? Is the proposed behavior consistent between the UI, API, and other access methods (e.g. email replies)? --> ### Documentation <!-- See the Feature Change Documentation Workflow https://docs.gitlab.com/ee/development/documentation/feature-change-workflow.html Add all known Documentation Requirements here, per https://docs.gitlab.com/ee/development/documentation/feature-change-workflow.html#documentation-requirements --> ### Testing <!-- What risks does this change pose? How might it affect the quality of the product? What additional test coverage or changes to tests will be needed? Will it require cross-browser testing? See the test engineering process for further guidelines: https://about.gitlab.com/handbook/engineering/quality/guidelines/test-engineering/ --> ### What does success look like, and how can we measure that? <!-- Define both the success metrics and acceptance criteria. Note that success metrics indicate the desired business outcomes, while acceptance criteria indicate when the solution is working correctly. If there is no way to measure success, link to an issue that will implement a way to measure this. --> ### Links / references