DoIT Shared Tools - GitLab - Setting up remote repositories
Recommended methods for connecting to a remote GitLab repository
GitLab projects frequently serve as the shared version-control source for many users collaborating on the same project. Users can keep their work synchronized by adding the shared GitLab project as a remote for their local Git project repositories. The following two authentication methods can be used for connecting to remote GitLab projects.
Token-based Authentication (recommended)
Benefits/Restrictions
Token-based authentication allows you to define the token's scope of actions, which is a helpful security measure.
In addition, token-based authentication uses the HTTPS port like most web traffic, unlike SSH access which requires opening an additional port to a large number of users.
As a result, you are allowed to authenticate with your token from an off-campus IP address. This flexibility can be especially important if you want, for example, to clone a remote GitLab repository into your cloud account with Amazon Web Services, Google Cloud or Microsoft Azure.
Set up Token-based Authentication
- Create a Personal Access Token in your GitLab account, scoped to api access.
- Copy the token to a temporary location.
- Use git-credentials or a similar mechanism to store the token for git authentication to https://git.doit.wisc.edu.
- You can choose to store your token in a plain text file (typically named .git-credentials) in the format:
https://<your username>:<personal access token>@git.doit.wisc.edu - Or you can integrate git-credentials with your operating system's password manager (e.g. OSX KeyChain Access), which is more secure because the token isn't stored in plain text.
- You can choose to store your token in a plain text file (typically named .git-credentials) in the format:
- Delete the token from the temporary location.
- Use the HTTPS URL whenever you clone a GitLab project to your workstation and whenever you add a GitLab project as a remote for a local git repository.
SSH key-based Authentication
Benefits/Restrictions
You can only connect via SSH to a project in DoIT's GitLab instance from an on-campus IP address. Users working off-campus must log into the WiscVPN (WiscVPN (uwmadison.vpn.wisc.edu) - Getting Started) before they can connect with SSH.
Set up SSH key-based Authentication
- Follow GitLab's instructions for setting up your SSH key.
- Use the SSH URL whenever you clone a GitLab project to your workstation and whenever you add a GitLab project as a remote for a local git repository.