How to obtain GitLab Personal Access Token from command line

Question

Is there any possibility to get Personal Access Token for Gitlab API via command line rather than web interface? I'm working on some integration tests, and Gitlab deployment into the clean environment is a part of test session setup. After deployment test user is doing some work with Gitlab API. In order to access API, test user need to provide Personal Access Token.

I managed to dump traffic, and I see that token is provided within a rendered HTML template in response to POST request:

00:06:40.616996 IP6 localhost.amanda > localhost.53808: Flags [P.], seq 1:580, ack 1054, win 497, options [nop,nop,TS val 3133641719 ecr 3133641673], length 579
`..U.c.@................................'`.0...y.eIz.....k.....
........HTTP/1.1 302 Found
Server: nginx
Date: Tue, 21 Nov 2017 21:06:40 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 119
Connection: keep-alive
Cache-Control: no-cache
Location: http://localhost:10080/profile/personal_access_tokens
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Request-Id: 88178813-95ad-419a-b56b-5a5ddb183885
X-Runtime: 0.044209
X-Ua-Compatible: IE=edge
X-Xss-Protection: 1; mode=block
X-Accel-Buffering: no

Deep inside response:

<input type="text" name="created-personal-access-token" id="created-personal-access-token" value="j1WZujuaKVVEkh8h8Fej" readonly="readonly" class="form-control js-select-on-focus" aria-describedby="created-personal-access-token-help-block" />

However, it seems too be dirty to POST HTML Form and then parse resulting HTML in order to get the token. Can anyone share the secret how to do it right?

Answer 1

GitLab 15.1 (June 2022, five years later) now proposes

Retrieve PAT by ID using API

Users can now retrieve their personal access tokens (PATs) by the PAT ID.

Previously, users could only list all their personal access tokens using the API. There was no endpoint to support querying them one by one.

Thanks to Andreas Deicha for their contribution!

See Documentation and Issue.

Answer 2

Workaround based on HTML parsing: https://github.com/vitalyisaev2/gitlab_token

Answer 3

If you have control over how the Docker container is deployed then save this file locally:

# Inspired by https://gitlab.com/gitlab-org/gitlab/-/blob/master/db/fixtures/development/25_api_personal_access_token.rb
# frozen_string_literal: true

puts "=======================================".color(:red)
puts "---------------------------------------".color(:red)
puts "Creating api access token for root user".color(:red)
puts "---------------------------------------".color(:red)
puts "=======================================".color(:red)

token = PersonalAccessToken.new
token.user_id = User.find_by(username: 'root').id
token.name = 'api-token-for-testing'
token.scopes = ["api"]
token.set_token('ypCa3Dzb23o5nvsixwPA')
token.save

print 'OK'

and modify your docker-compose.yml to include

        image: gitlab/gitlab-ee
        volumes:
          - ./25_api_personal_access_token.rb:/opt/gitlab/embedded/service/gitlab-rails/ee/db/fixtures/production/25_api_personal_access_token.rb

This works for me. Once the GitLab container is initialized and I can see the login page I continue by using a Python library to import my test data and run a bunch of integration tests against the running GitLab instance.

Note 1: I am using GitLab EE above but you can explore /opt/gitlab/embedded/service/gitlab-rails/ for more fixtures directories and place this initialization somewhere else.

Note 2: The original file from the gitlab repository didn't work for me b/c it is designed to be used in development mode and the require failed for me. Also the token_digest is hard-coded and won't match the salt with your GitLab will generate!

Answer 4

Dirty as well but with 10.2 the api/v4/session command is gone, so a login via basic auth is impossible. If you need this for integration tests and may access the created gitlab instance via ssh you may insert the token via SQL directly, the tokens seem not to be hashed or crypted but plain text.