There are scenarios in which I require access to a private repository that hosts a lot of work. In this case, these are files that scripts that call. For example – configurations for Docker, Squid, or other automation scripts for menu-driven deployments. These need unauthenticated access to pull certain files but I don’t want the entire repo exposed. I also don’t want to provide authentication credentials as people other than myself (training labs) may need to use this method.
GitLab has the ability to do this via Tokens (as much as GitHub and other configuration management tools do).
First step is to generate a token. Generating this token will allow access to the account. With that, with great power comes great responsibility, so be mindful about where you keep it!
Select the scope of
API for this token. Then Generate it.
Create Create Personal Token. Copy and Save the token that appears as it will only appear this once.
Lets call our token for this example,
With this token is now time to find the project ID for the repository. Click on the project where the file you want access to is located.
Note the value of
Project ID: 9649873. We need
9649873 for later.
Downloading a private file in project root
Lets say I want to download the file,
daemon.json from my private repository. It is in the root of the project. I use the following structure:
wget --header='PRIVATE-TOKEN: TOKEN' 'https://gitlab.com/api/v4/projects/PROJECT_ID/repository/files/FILENAME/raw?ref=BRANCH' -O ~/daemon.json"
When populated with the examples you get the following
wget --header='PRIVATE-TOKEN: 4634A97DEC1E' 'https://gitlab.com/api/v4/projects/9649873/repository/files/daemon.json/raw?ref=master' -O ~/daemon.json"
If your file you want to access is not at the root of a project then you will need to append the unicode representation of
/. This is
%2F. Note that the
daemon.json is under the folder
wget --header='PRIVATE-TOKEN: 4634A97DEC1E' 'https://gitlab.com/api/v4/projects/9649873/repository/files/conf%2Fdaemon.json/raw?ref=master' -O ~/daemon.json
You can now access files via token requests for use within a usually private repo. I am sure there are many other ways but here is this approach.
Note This URI’s will not work as the token is fake and the project ID is a placeholder.