• Create a project access token
• Revoke a project access token
• Scopes for a project access token
• Enable or disable project access token creation

Project access tokens

Project access tokens are similar to passwords, except you can limit access to resources, select a limited role, and provide an expiry date.

Use a project access token to authenticate:

• With Git, when using HTTP Basic Authentication, use:
  • Any non-blank value as a username.
  • The project access token as the password.

Project access tokens are similar to group access tokens and personal access tokens.

In self-managed instances, project access tokens are subject to the same maximum lifetime limits as personal access tokens if the limit is set.

You can use project access tokens:

• On WVS, with any license tier.
• If you have the Free tier:
  • Review your security and compliance policies around user self-enrollment.
  • Consider disabling project access tokens to lower potential abuse.

You cannot use project access tokens to create other access tokens.

Project access tokens inherit the default prefix setting configured for personal access tokens.

Create a project access token

To create a project access token:

1. On the top bar, select My Projects > View All Projects and find your project.
2. On the left sidebar, select Project Settings > Access Tokens.
3. Enter a name. The token name is visible to any user with permissions to view the project.

4. Optional. Enter an expiry date for the token. The token expires on that date at midnight UTC. An instance-wide maximum lifetime setting can limit the maximum allowable lifetime in self-managed instances.

5. Select a role for the token.
6. Select the desired scopes.
7. Select Create project access token.

A project access token is displayed. Save the project access token somewhere safe. After you leave or refresh the page, you can’t view it again.

Revoke a project access token

To revoke a project access token:

1. On the top bar, select My Projects > View All Projects and find your project.
2. On the left sidebar, select Project Settings > Access Tokens.
3. Next to the project access token to revoke, select Revoke.

Scopes for a project access token

The scope determines the actions you can perform when you authenticate with a project access token.

Scope	Description
api	Grants complete read and write access to the scoped project API, including the Package Registry.
read_api	Grants read access to the scoped project API, including the Package Registry.
read_registry	Allows read access (pull) to the Container Registry images if a project is private and authorization is required.
write_registry	Allows write access (push) to the Container Registry.
read_repository	Allows read access (pull) to the repository.
write_repository	Allows read and write access (pull and push) to the repository.

Enable or disable project access token creation

To enable or disable project access token creation for all projects in a top-level group:

1. On the top bar, select My Groups and find your group.
2. On the left sidebar, select Settings > General.
3. Expand Permissions and group features.
4. Under Permissions, turn on or off Allow project and group access token creation.

Even when creation is disabled, you can still use and revoke existing project access tokens.