How to create a Managed GitLab Account Credential Provider

The Managed GitLab Account Credential Provider uses the GitLab Service Account Credential Provider Integration to allow you to manage the credential lifecycle of your GitLab service accounts.

Prerequisites

You must have the following to create a Managed GitLab Account Credential Provider:

Create a Managed GitLab Account Credential Provider

To create a Managed GitLab Account Credential Provider, follow these steps:

  1. Log into your Aembit Tenant, and go to Credential Providers in the left sidebar.

  2. (Optional) In the top right corner, select the Resource Set where you want this Credential Provider to reside.

  3. Click + New, which displays the Credential Provider pop out menu.

  4. Enter a Name and optional Description.

  5. Under Credential Type, select Managed GitLab Account, revealing more fields.

  6. Fill out the remaining fields:

    1. Select GitLab Integration: Select a GitLab Service Account integration you've already configured.

      note

      If the Select GitLab Integration dropdown menu is empty, you either:

      • May not have any GitLab Service Account integrations configured yet. See GitLab Service Account to create one.

      • May need to change Resource Sets.

    2. Service Account Username: Enter a username you want to use for the Aembit service account in GitLab.

      Leave this field blank for Aembit to automatically create a username in the following format: Aembit_<Credential_Provider_Name>_managed_service_account

    3. GitLab Group IDs or Paths: Enter the group ID or group path. If entering more than one, separate them with commas (for example: parent-group/subgroup,34,56).

    4. GitLab Project IDs or Paths: Enter the project ID or project path. If entering more than one, separate them with commas (for example: my-project.345678,my-other-project).

    5. Access Level: Enter the GitLab Access Level you want your GitLab service account to have.

    6. Scope: Enter the GitLab Personal Access Token (PAT) Scopes you want the GitLab service account to have. When entering more than one, separate them with spaces (for example: api read_user k8s_proxy).

    7. Lifetime: Enter the number of days you want credentials to remain active.

    The form should look similar to the following screenshot:

    Completed Managed GitLab Account Credential Provider form

  7. Click Save.

    Aembit displays the new Credential Provider in the list of Credential Providers.

Verify the Credential Provider

In your Aembit Tenant

To verify that you successfully created the Managed GitLab Account Credential Provider and it's communicating with GitLab:

  1. In your Aembit Tenant, go to Credential Providers.

  2. (Optional) In the top right corner, select the Resource Set where your Credential Provider resides.

  3. Select your newly created Credential Provider.

    Scroll down to see all the details provided by GitLab for this Service Account.

    You should see something similar to the following screenshot:

    Completed Managed GitLab Account Credential Provider with 'Ready' badge

(Optional) In the GitLab Admin area

To verify that the Managed GitLab Account Credential Provider successfully created the service account in GitLab:

  1. Log into your administrator GitLab account associated with your GitLab Service Account integration.

  2. Go to Admin area -> Overview -> Users.

  3. Select the service account formatted like this: Aembit_<credential_provider_name>_managed_service_account.

  4. On the Account tab, verify that the Username and ID match the values shown in the Credential Provider in the Aembit UI.

    Similar to the following screenshot:

    GitLab Admin area UI - Groups and projects tab on service account

  5. On the Groups and projects tab, verify that the groups, projects, and access levels match what you entered in the Managed GitLab Account form. GitLab displays these in a table showing Groups with their associated Projects and Access Levels.

    Similar to the following screenshot:

    GitLab Admin area UI - Accounts tab on service account
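
The Groups and projects comparison in step 5 can also be scripted as a least-privilege check. The following is an added example, not Aembit or GitLab code: it compares a membership list shaped like the response of GitLab's admin-only `GET /api/v4/users/:id/memberships` endpoint against the values entered in the form. It assumes the form was filled in with numeric IDs rather than paths and that the single Access Level applies to every listed group and project; the sample data and the function name `audit_memberships` are constructed for illustration.

```python
import json

# Constructed sample, shaped like the response of GitLab's admin-only
# GET /api/v4/users/:id/memberships endpoint. IDs and names are made up.
SAMPLE_MEMBERSHIPS = json.loads("""
[
  {"source_id": 34, "source_name": "subgroup",
   "source_type": "Namespace", "access_level": "30"},
  {"source_id": 345678, "source_name": "my-project",
   "source_type": "Project", "access_level": "30"},
  {"source_id": 999, "source_name": "legacy-infra",
   "source_type": "Project", "access_level": "40"}
]
""")


def audit_memberships(memberships, group_ids, project_ids, access_level):
    """Compare actual memberships with the values entered in the form.

    Returns a sorted list of (finding, source_type, source_id) tuples.
    An empty list means the service account matches the form exactly.
    """
    expected = {("Namespace", g) for g in group_ids}
    expected |= {("Project", p) for p in project_ids}
    findings, seen = [], set()
    for m in memberships:
        key = (m["source_type"], int(m["source_id"]))
        seen.add(key)
        level = int(m["access_level"])  # the level may arrive as a string
        if key not in expected:
            # Access that was never requested in the form.
            findings.append(("unexpected", *key))
        elif level != access_level:
            findings.append(("wrong_level", *key))
    # Entries from the form that GitLab does not list for the account.
    findings += [("missing", *key) for key in expected - seen]
    return sorted(findings)


if __name__ == "__main__":
    # Hypothetical form values: groups 34 and 56, project 345678,
    # Access Level Developer (30 in GitLab's numeric scheme).
    for finding in audit_memberships(SAMPLE_MEMBERSHIPS, [34, 56], [345678], 30):
        print(finding)
```

An `unexpected` or `wrong_level` finding means the service account holds access beyond what the Credential Provider form requested and should be reviewed before the credential is used.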