DoIT Shared Tools - GitLab - Setting up remote repositories

Recommended methods for connecting to a remote GitLab repository

GitLab projects frequently serve as the shared version-control source for many users collaborating on the same project.  Users can keep their work synchronized by adding the shared GitLab project as a remote for their local Git project repositories.  The following two authentication methods can be used for connecting to remote GitLab projects. 

Token-based Authentication (recommended) 

Benefits/Restrictions

Token-based authentication allows you to define the token's scope of actions, which is a helpful security measure. 

In addition, token-based authentication uses the HTTPS port like most web traffic, unlike SSH access which requires opening an additional port to a large number of users.  

As a result, you are allowed to authenticate with your token from an off-campus IP address.  This flexibility can be especially important if you want, for example, to clone a remote GitLab repository into your cloud account with Amazon Web Services, Google Cloud or Microsoft Azure. 

Set up Token-based Authentication

  1. Create a Personal Access Token in your GitLab account, scoped to api access. 
  2. Copy the token to a temporary location.
  3. Use git-credentials or a similar mechanism to store the token for git authentication to https://git.doit.wisc.edu. 
    1. You can choose to store your token in a plain text file (typically named .git-credentials) in the format:
      https://<your username>:<personal access token>@git.doit.wisc.edu   
    2. Or you can integrate git-credentials with your operating system's password manager (e.g. OSX KeyChain Access), which is more secure because the token isn't stored in plain text.
  4. Delete the token from the temporary location.
  5. Use the HTTPS URL whenever you clone a GitLab project to your workstation and whenever you add a GitLab project as a remote for a local git repository. 

HTTPS URL for GitLab project

SSH key-based Authentication

Benefits/Restrictions

You can only connect via SSH to a project in DoIT's GitLab instance from an on-campus IP address.  Users working off-campus must log into the WiscVPN (WiscVPN (uwmadison.vpn.wisc.edu) - Getting Started) before they can connect with SSH.  

Set up SSH key-based Authentication

  1. Follow GitLab's instructions for setting up your SSH key.
  2. Use the SSH URL whenever you clone a GitLab project to your workstation and whenever you add a GitLab project as a remote for a local git repository.

SSH URL for GitLab Project