Which token should I use to connect to GitLab from my workstation?
Use a Personal Access token to connect from your workstation to GitLab. The token is unique to you and can provide access to the same resources you can access in the web interface. Personal Access tokens are a user credential, just like a password.
Which token should I use to configure an automated task that connects to GitLab?
Deploy tokens and Project Access tokens are best suited for tasks that need to connect to GitLab but should not be associated with an individual staff member. Frequently, this would be an automated task, like performing a scheduled git pull of changes from a remote repository in GitLab. Deploy and Project Access tokens are similar to a shared login or machine login credential.
Project Access and Deploy tokens can be useful in automated processes run with GitLabCI. However, tokens should never be hard-coded into a script or committed to a GitLab repository. To securely use a token as part of a GitLabCI process, store the token as a GitLab variable, and mask the variable, so that the token value isn't displayed in logs. Then write your .gitlab-ci.yml file, so that GitLab injects the token value into the process when it's needed.
What types of SSH key access are allowed in GitLab?
GitLab also provides Deploy keys, which serve a similar purpose to Deploy tokens but are SSH key-based. Like personal workstation SSH keys, Deploy keys have the same limitations as personal workstation SSH keys mentioned above.