I’ve found a CI job that reads a file called
.gitlab-token, that contains a string I don’t recall having seen before - i.e. it ain’t the runner registration token or the access token for the root user that my management scripts use. But that leaves me wondering what it is. and what it gives access to.
I guess (but I don’t know) it’s associated with a particular user in GitLab, but when I check (impersonating that user and going to “Edit profile”/“Access Tokens” I see that user has three " Active personal access tokens".
So my question is: can I somehow find out if the string I’ve found is one of those tokens (as one of them has “Last Used”: “Never” I guess it’s more likely to be one of the others) or if it’s not one of those, which user it then is and what it gives access to?
(I suspect it was setup manually by a former employee, and now I have to migrate the runner executing that job to another server, and would like to avoid magic stuff like that)