
The GitLab Service Account Credential Provider Integration allows you to create a Managed GitLab Account Credential Provider, which provides credential lifecycle management and rotation capabilities for secure authentication between your GitLab instances and other Client Workloads. This page details everything you need to create a GitLab Service Account Credential Provider Integration.

This integration requires the use of two types of GitLab accounts:

  • GitLab Administrator account in a top-level group with the Owner role. This administrator account performs the initial authorization for the Aembit Credential Provider Integration to start communicating with GitLab.

  • GitLab Service Account that the preceding GitLab Administrator account eventually creates. This service account performs credential lifecycle management for the Managed GitLab Account Credential Provider.

See How the GitLab Service Account integration works for more details.

Configure a GitLab service account integration


To create a GitLab service account integration, follow these steps:

  1. Log in to your Aembit Tenant, and go to Credential Providers -> Integrations in the left sidebar.

    Credential Provider - Integrations tab

  2. (Optional) In the top right corner, select the Resource Set where you want this Credential Provider Integration to reside.

  3. Click + New, which displays the Integration pop out menu.

  4. Select GitLab Service Account, and enter a Display Name and optional Description.

  5. Fill out the remaining fields:

    • Token Endpoint URL - Enter https://gitlab.com, indicating that you’re using a GitLab.com plan.

      See GitLab subscriptions for more details.

    • Top Level Group ID - Enter the numeric ID of the top-level group that contains your GitLab service account.
      See GitLab’s Find the Group ID for more details.

    • Personal Access Token - Enter the Personal Access Token that’s associated with your GitLab Service Account.

      If you don’t already have a GitLab service account with a PAT, see Create a GitLab service account and PAT.

    The form should look similar to the following screenshot:

    Completed GitLab Service Account Credential Provider Integration

  6. Click Save.

    Aembit displays the new integration in the list of Credential Provider Integrations.

The service account you use for the GitLab Service Account Credential Provider Integration must be in a top-level group with the Owner role to have access to GitLab APIs.

To create a GitLab service account and PAT, use either the GitLab UI or GitLab API:

  1. Follow GitLab’s documentation to Create a Service Account using the GitLab UI.

  2. Follow GitLab’s documentation to Create a Personal Access Token for the service account you just created.
    Ensure that you select the following scopes:

    • api
    • self_rotate
  3. Copy the token value and store it in a secure location, as you won't be able to view it again.

  4. Use this token to create the GitLab Service Account Credential Provider Integration in your Aembit Tenant.
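
Before pasting the values into the integration form, you can confirm that the PAT carries both required scopes and that the group ID really is a top-level group. The following is an added example, not Aembit's or GitLab's own code; it assumes the GitLab REST v4 endpoints `/personal_access_tokens/self` and `/groups/:id`, and the sample responses and function names are constructed for illustration.

```python
import json
import urllib.request

REQUIRED_SCOPES = {"api", "self_rotate"}  # the scopes this page says to select


def gitlab_get(base_url, path, token):
    """GET a GitLab REST v4 resource, authenticating with the PAT under test."""
    req = urllib.request.Request(
        f"{base_url.rstrip('/')}/api/v4{path}",
        headers={"PRIVATE-TOKEN": token},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def check_token(token_info):
    """Return problems found in a /personal_access_tokens/self response."""
    problems = []
    missing = REQUIRED_SCOPES - set(token_info.get("scopes", []))
    if missing:
        problems.append("missing scopes: " + ", ".join(sorted(missing)))
    if token_info.get("revoked") or not token_info.get("active", False):
        problems.append("token is revoked or inactive")
    return problems


def check_group(group_info):
    """Return problems found in a /groups/:id response."""
    if group_info.get("parent_id") is not None:
        return [f"group {group_info.get('id')} is a subgroup, not top-level"]
    return []


def preflight(base_url, group_id, token):
    """Run both checks against a live instance; an empty list means ready."""
    token_info = gitlab_get(base_url, "/personal_access_tokens/self", token)
    group_info = gitlab_get(base_url, f"/groups/{group_id}", token)
    return check_token(token_info) + check_group(group_info)


# Constructed sample responses (not real data), trimmed to the fields checked.
SAMPLE_GOOD_TOKEN = {"scopes": ["api", "self_rotate"], "active": True, "revoked": False}
SAMPLE_WEAK_TOKEN = {"scopes": ["read_api"], "active": True, "revoked": False}
SAMPLE_TOP_GROUP = {"id": 1001, "parent_id": None}
SAMPLE_SUBGROUP = {"id": 1002, "parent_id": 1001}

if __name__ == "__main__":
    print(check_token(SAMPLE_GOOD_TOKEN) + check_group(SAMPLE_TOP_GROUP))
    print(check_token(SAMPLE_WEAK_TOKEN) + check_group(SAMPLE_SUBGROUP))
```

For a live check, call `preflight("https://gitlab.com", <group id>, <token>)` with the token read from your secret store rather than typed on the command line, so it does not land in shell history.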