Credentials inventory

  • Tier: Ultimate
  • Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated

Use the credentials inventory to monitor and control access to your organization.

  • On GitLab.com, the credentials inventory monitors enterprise users and service accounts in a top-level group.
  • On GitLab Self-Managed and GitLab Dedicated, the credentials inventory monitors all human users and service accounts across the entire instance.

Prerequisites:

  • On GitLab.com, you must have the Owner role for a group.
  • On GitLab Self-Managed and GitLab Dedicated, you must be an administrator.

View the credentials inventory

You can use the credentials inventory to view:

  • Personal access tokens.
  • Group access tokens.
  • Project access tokens.
  • SSH keys.
  • GPG keys (GitLab Self-Managed and GitLab Dedicated only).

To view the credentials inventory:

  1. On the left sidebar, at the bottom, select Admin. If you’ve turned on the new navigation, in the upper-right corner, select Admin.
  2. Select Credentials.
  1. On the left sidebar, select Search or go to and find your group. If you’ve turned on the new navigation, this field is on the top bar.
  2. On the left sidebar, select Secure.
  3. Select Credentials.

You can use the inventory to review credential details including:

  • Ownership.
  • Access scopes.
  • Usage patterns.
  • Expiration dates.
  • Revocation dates.

Revoke personal access tokens

To revoke a personal access token:

  1. On the left sidebar, at the bottom, select Admin. If you’ve turned on the new navigation, in the upper-right corner, select Admin.
  2. Select Credentials.
  3. Next to the personal access token, select Revoke. If the token was previously expired or revoked, the associated date is displayed.

The access token is revoked and the user is notified by email.

  1. On the left sidebar, select Search or go to and find your group. If you’ve turned on the new navigation, this field is on the top bar.
  2. On the left sidebar, select Secure.
  3. Select Credentials.
  4. Next to the personal access token, select Revoke. If the token was previously expired or revoked, the associated date is displayed.

The access token is revoked and the user is notified by email.

Revoke project or group access tokens

To revoke a project or group access token:

  1. On the left sidebar, at the bottom, select Admin. If you’ve turned on the new navigation, in the upper-right corner, select Admin.
  2. Select Credentials.
  3. Select the Project and group access tokens tab.
  4. Next to the project access token, select Revoke.
  1. On the left sidebar, select Search or go to and find your group. If you’ve turned on the new navigation, this field is on the top bar.
  2. On the left sidebar, select Secure.
  3. Select Credentials.
  4. Select the Project and group access tokens tab.
  5. Next to the project access token, select Revoke.

Delete SSH keys

To delete an SSH key:

  1. On the left sidebar, at the bottom, select Admin. If you’ve turned on the new navigation, in the upper-right corner, select Admin.
  2. Select Credentials.
  3. Select the SSH Keys tab.
  4. Next to the SSH key, select Delete.

The SSH key is deleted and the user is notified.

  1. On the left sidebar, select Search or go to and find your group. If you’ve turned on the new navigation, this field is on the top bar.
  2. On the left sidebar, select Secure.
  3. Select Credentials.
  4. Select the SSH Keys tab.
  5. Next to the SSH key, select Delete.

The SSH key is deleted and the user is notified.