Thanks for the clarification, @aljaxus. For what it’s worth, I had read that documentation but persisted in searching for a deploy token solution because personal access token scopes are overbroad for my use case, viz. specifying a URI for a single file in a private repository. Instead of merely providing a GitLab URI, I’ll now need to deploy a laundry list of Azure resources in order to securely serve a single script to an ARM template. Depressing.