122

Today I've enabled Gitlab's 2nd-factor authentication. After that, since I logged in the Gitlab website, I need to use my cell phone to pass a 6-digits plus my password, that's good, it makes me feel safe.

However, when I use the general operations, for example git clone some-repo.git, I got the error:

Cloning into 'some-repo'...
remote: HTTP Basic: Access denied
remote: You must use a personal access token with 'api' scope for Git over HTTP.
remote: You can generate one at https://gitlab.com/profile/personal_access_tokens
fatal: Authentication failed for 'some-repo.git'

Then I try existing cloned local repo, using git pull, the same error occurs. Before I enabled the 2nd-factor authentication, all the above operation worked fine.

Flowing the above error's instructions, I went to the mentioned address: https://gitlab.com/profile/personal_access_tokens. I created the following token, and save the token's key.

enter image description here

However, I don't know what to do with this key. Can someone tell me how to use this key to enable the basic operations like git pull, git clone, git push etc...

Edit

I had many repos on local before I enabled the 2nd-factor authentication. I want these to work too.

Improve this question
2
  • why no comments and vote down? who's the anonymous haters? Commented Aug 2, 2018 at 16:49
  • @JohnZwinck What about the local existing project, do I have to git clone them again? Commented Aug 5, 2018 at 3:26

6 Answers 6

Reset to default
249
+50

As explained in using gitlab token to clone without authentication, you can clone a GitLab repo using your Personal Access Token like this:

git clone https://oauth2:[email protected]/yourself/yourproject.git

As for how to update your existing clones to use the GitLab Personal Access Token, you should edit your .git/config file in each local git directory, which will have an entry something like this:

[remote "origin"]
    url = https://[email protected]/yourself/yourproject.git

Change the url:

[remote "origin"]
    url = https://oauth2:[email protected]/yourself/yourproject.git

Now you can continue using this existing git clone as you did before you enabled 2FA.

Improve this answer
Sign up to request clarification or add additional context in comments.

10 Comments

what if its a private gitlab repository?
@VikramK: We don't have one of those, so you'll have to tell us, what happened when you tried?
This method also worked for linking repositories created separately on gitlab and my local system (using git init). Thanks
I had to use the name of my token name instead of "oauth2"
WARNING: Doing this saves the token in .git/config, which gets published to the webroot. Make sure that your .git folder is hidden, or else your project code will be disclosed publicly if you do this. See pentester.land/tutorials/2018/10/25/….
|
46

I used the generated Personal Access Token as the password when prompted to enter credentials.

This allowed me to just use the standard Git Clone syntax without entering anything additional.

When you generate, copy the token. This is the password that will be stored in Credential Manager when you clone. Use that as your password instead of your git password.

Improve this answer

1 Comment

This is much better answer than 200+ upvoted advice to store PAT in plain text. But it needs a suplement that it works only when credential helper points to Git Credential Manager (GCM). git config --global credential.helper manager. GCM is part of Git for Windows package or can be downloaded separately. For other OS like linux other credential managers can be hooked to git credential helper.
6

Visit the below link and enter your Name and Expiry Date.

Then click on the different checkboxes like read_user, read_repository, write_repository, etc for access scopes and create a new Personal Access Token and store it in a secured location

https://gitlab.com/profile/personal_access_tokens

Now when you do a git pull, git clone, git push, etc you can enter your username/email as the Username and enter the newly created Personal Access Token as Password

Improve this answer

Comments

5

See the link below enter link description here

You just need to create a new token for your profile! To do this,

  1. click on your photo and then enter the Edit Profile section
  2. click on Access Tokens
  3. Create a new token with the permissions you need
  4. Now copy the created token according to the photo below enter image description here
  5. git clone https://github.com/YOUR-USERNAME/YOUR-REPOSITORY
  6. Enter your username, but use the created token instead of the password!
Improve this answer

Comments

0

Clone current repo with git clone ${CI_REPOSITORY_URL}

Clone other repos with git clone https://oauth2:${PERSONAL_ACCESS_TOKEN}@gitlab.com/acme/my-project.git. Gitlab uses "oauth2" + token convention to populate OAuth2 Authentication headers, but I could not find official documentation for this.

Enable current repo modifications with git remote set-url origin ${CI_PROJECT_URL/gitlab.com/oauth2:${PERSONAL_ACCESS_TOKEN}@gitlab.com}.git

Here is a job that tags the current repo, using git push:

build_rpms:
  stage: package
  script:
    - echo "Build RPMs. Add tag v1.9d"
    - apk add git
    - git config --list

    # --force is needed for both tag and push to allow job replay
    - git tag v1.9d --force

    # Enable pushing from CI pipeline:
    #
    # At that point git origin points to CI_REPOSITORY_URL=
    # https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com/acme/my-project.git
    # This setup does not allow modifications (i.e git push will be rejected).
    #
    # We use Gitlab Personal Access Token with 'write' access. This token shall
    # be generated via Gitlab user settings and then it shall be added as a masked
    # environment variable for this project CI settings.
    #
    # Use "oauth2" as user. For example for CI_PROJECT_URL=https://gitlab.com/acme/my-project
    #   set origin to https://oauth2:[email protected]/acme/my-project.git
    #
    - git remote set-url origin ${CI_PROJECT_URL/gitlab.com/oauth2:${PERSONAL_ACCESS_TOKEN}@gitlab.com}.git
    - git remote -v

    # Use -o ci.skip option to avoid triggering pipeline again
    - git push origin v1.9d --force -o ci.skip
  when:
    manual
Improve this answer

Comments

0

A user-friendly alternative to personal access tokens is Git Credential Manager which does secure OAuth authentication via web browser. Documentation at https://docs.gitlab.com/ee/user/profile/account/two_factor_authentication.html#git-credential-manager

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.