DoIT Shared Tools - GitLab - Setting up remote repositories

Recommended methods for connecting to a remote GitLab repository

GitLab projects frequently serve as the shared version-control source for many users collaborating on the same project.  Users can keep their work synchronized by adding the shared GitLab project as a remote for their local Git project repositories.  The following two authentication methods can be used for connecting to remote GitLab projects. 

Token-based Authentication (recommended) 

Benefits/Restrictions

Token-based authentication allows you to define the token's scope of actions, which is a helpful security measure. 

In addition, token-based authentication uses the HTTPS port like most web traffic, unlike SSH access which requires opening an additional port to a large number of users.  

As a result, you are allowed to authenticate with your token from an off-campus IP address.  This flexibility can be especially important if you want, for example, to clone a remote GitLab repository into your cloud account with Amazon Web Services, Google Cloud or Microsoft Azure. 

Set up Token-based Authentication

  1. Create a Personal Access Token in your GitLab account, scoped to api access. 
  2. Copy the token to a temporary location.
  3. Use git credential storage to save the token on your workstation, to be used anytime you authenticate with git to https://git.doit.wisc.edu. 
    1. You can integrate git-credentials with your operating system's password manager (e.g. OSX KeyChain Access), which is the more secure option because the token isn't stored in plain text.
    2. Or you can choose to store your token in a plain text file (typically named .git-credentials) in the format:
      https://<your username>:<personal access token>@git.doit.wisc.edu   
  4. Delete the token from the temporary location.
  5. Use the HTTPS URL whenever you clone a GitLab project to your workstation and whenever you add a GitLab project as a remote for a local git repository. 

HTTPS URL for GitLab project

SSH key-based Authentication

Benefits/Restrictions

You can only connect via SSH to a project in DoIT's GitLab instance from an on-campus IP address.  Users working off-campus must log into the WiscVPN (WiscVPN (uwmadison.vpn.wisc.edu) - Getting Started) before they can connect with SSH.  

Set up SSH key-based Authentication

  1. Follow GitLab's instructions for setting up your SSH key.
  2. Use the SSH URL whenever you clone a GitLab project to your workstation and whenever you add a GitLab project as a remote for a local git repository.

SSH URL for GitLab Project

Password-based Command Line Authentication (deprecated)

You can use your GitLab-specific password (not NetID password) to authenticate via the command line.  This authentication method is discouraged, because it is a less secure practice and the industry standard is to stop using it.  At some point in the future, this feature will be disabled, so it's best to switch to another method now. 



Keywords:
gitlab token ssh key credential wiscvpn vpn firewall git repo local authentication project security personal access token 
Doc ID:
117615
Owned by:
Benjamin S. in Shared Tools
Created:
2022-03-25
Updated:
2022-07-26
Sites:
DoIT Help Desk, DoIT Staff, Shared Tools