Introduction

Introduction to token-operator

When you deal with a GitLab instance that has many groups, sub-groups and users, you may run into the situation that you’re missing an overview of what access tokens exist.

Additionally, you may want to automate the rotation of existing GitLab access tokens, so that they have a short life-span and can get rotated on-demand when needed while not wasting precious time of your staff.

If you provide access to GitLab access tokens through a vault instance, you can additionally monitor and control access to the access tokens.

To solve these issues, ’token-operator’ was born.

What token-operator does

1. It connects to the configured GitLab and password vault.
2. Loops over the tokens in the configuration.
3. For each token, decides if it needs rotating and if so, rotates the token and updates the vault item.

Supported password managers

• 1Password: supported and fully open-source.
• HashiCorp Vault: supported and requires Enterprise license.
• Bitwarden: not supported currently. Supporting it requires significant changes as Bitwarden go-sdk requires CGO which prevents cross-compiling with goreleaser. https://github.com/bitwarden/sdk-sm/blob/main/languages/go/INSTRUCTIONS.md

Continue to 👉 Initial setup