News and Announcements

GitLab - Tokens expiring on 9/26/24 (*Action needed*)

Posted: 2024-09-02 13:13:44   Expiration: 2024-09-30 13:13:44

Disclaimer: This news item was originally posted on 2024-09-02 13:13:44. Its content may no longer be timely or accurate.

Beginning in GitLab v16 all access tokens required an expiration date. Already-existing tokens without an expiration date were set to expire one year in the future. Since the GitLab v16 upgrade was performed in September 2023, many access tokens are scheduled to expire on the same date this year: 9/26/24.

Note: Every token created since September 2023 has its own expiration date.  This news is only about tokens that were first created before September 2023.  Also, this news does not apply to SSH keys, only to tokens.

What you can do

You can avoid disruption due to token expiration on 9/26/24 by:

  1. Remaining alert to notifications from GitLab about upcoming token expirations 
  2. Reviewing all of your tokens

Notifications you'll receive about token expiration

GitLab sends email notifications for expiring personal, group, and project access tokens. These notifications are structured as follows:

  • You get an email notification when your token expires in 7 days.
  • Another email is sent one day before expiry.
  • Each individual token triggers its own separate email.

Group owners, maintainers, and administrators will receive these email notifications for project and group access tokens. For personal access tokens, individual users will get the email.

How to get a list of your tokens

GitLab UI

Find your personal access tokens in your user profile: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#access-token-expiration

GitLab API

The GitLab API is the easiest way to find token information for many groups and projects:

Personal: https://docs.gitlab.com/ee/api/personal_access_tokens.html#list-personal-access-tokens

Projects: https://docs.gitlab.com/ee/api/project_access_tokens.html#list-project-access-tokens

Groups: https://docs.gitlab.com/ee/api/group_access_tokens.html

Token Rotation API

Another strategy is to use GitLab's token rotation API, to automate the renewal of your personal access tokens: https://docs.gitlab.com/ee/api/personal_access_tokens.html#rotate-a-personal-access-token

Contact us with questions

If you have questions, please email help@doit.wisc.edu to contact the Shared Tools team

-- Shared Tools: Benjamin Sousa