• info@bizmate.biz

GitLab Clone Private Repository with Access Token

GitLab Clone Private Repository with Access Token

When you are hosting private code, for instance for a reusable component, on Gitlab you will not be able to clone it unless you have access or are authenticated with the GitLab backend and are authorised to the repository.

Access tokens are a great way to allow an alternative way to clone or add your project as a dependency to a parent project. For example you can use tokens as part of your Continuous Integration pipeline to build, test and deploy your project.

If you add a project in your composer.json ( composer is the de facto package manager most used in PHP) , such as

composer.phar require "bizmate/my-private-package:2.*"

You will see something like

Could not fetch https://gitlab.com/api/v4/projects/bizmate%2Fmy-private-package/repository/archive.zip?sha=..., enter your gitlab.com credentials to access private repos
A token will be created and stored in "/home/composer/.composer/auth.json", your password will never be stored
To revoke access to this token you can visit gitlab.com/profile/applications
Username: 
Password: 
Bad credentials.
You can also manually create a personal token at https://gitlab.com/profile/personal_access_tokens
Add it using "composer config --global --auth gitlab-token.gitlab.com <token>"

So I was not interested in adding my actual user name and password credentials as they are critical information and also because if you have 2FA enabled it might not work. So I created a personal access token and I tried adding it through the composer command but this did not work someone. This might be due to the complexity also of running a development environment in docker but indeed I still found a simpler way to get around this.

Just add your access token to your git configuration, as per command below.

git config --global gitlab.accesstoken {TOKEN_VALUE}

The above will work straight away and you will be able to add your project in composer straight away without adding any information in its auth.json file.

bizmatewp_bw5mow