There are scenarios in which I require access to a private repository that hosts a lot of work. In this case, these are files that scripts that call. For example – configurations for Docker, Squid, or other automation scripts for menu-driven deployments. These need unauthenticated access to pull certain files but I don’t want the entire repo exposed. I also don’t want to provide authentication credentials as people other than myself (training labs) may need to use this method.
GitLab has the ability to do this via Tokens (as much as GitHub and other configuration management tools do).
Generate Token
First step is to generate a token. Generating this token will allow access to the account. With that, with great power comes great responsibility, so be mindful about where you keep it!
Select the scope of API
for this token. Then Generate it.
Create Create Personal Token. Copy and Save the token that appears as it will only appear this once.
Lets call our token for this example, 4634A97DEC1E
Project ID
With this token is now time to find the project ID for the repository. Click on the project where the file you want access to is located.
Note the value of Project ID: 9649873
. We need 9649873
for later.
Downloading a private file in project root
Lets say I want to download the file, daemon.json
from my private repository. It is in the root of the project. I use the following structure:
wget --header='PRIVATE-TOKEN: TOKEN' 'https://gitlab.com/api/v4/projects/PROJECT_ID/repository/files/FILENAME/raw?ref=BRANCH' -O ~/daemon.json"
When populated with the examples you get the following
wget --header='PRIVATE-TOKEN: 4634A97DEC1E' 'https://gitlab.com/api/v4/projects/9649873/repository/files/daemon.json/raw?ref=master' -O ~/daemon.json"
Folders
If your file you want to access is not at the root of a project then you will need to append the unicode representation of /
. This is %2F
. Note that the daemon.json
is under the folder conf
.
wget --header='PRIVATE-TOKEN: 4634A97DEC1E' 'https://gitlab.com/api/v4/projects/9649873/repository/files/conf%2Fdaemon.json/raw?ref=master' -O ~/daemon.json
Summing up
You can now access files via token requests for use within a usually private repo. I am sure there are many other ways but here is this approach.
Note This URI’s will not work as the token is fake and the project ID is a placeholder.