GitLab Deploy Token
Detects GitLab deploy tokens (gldt- prefix). Deploy tokens grant read/write access to a project's repository, container registry and package registry; a leak enables artifact theft or tampering.
- Type
- regex
- Engine
- universal
- Confidence
- high
- Confidence justification
- High confidence: the distinctive gldt- prefix with a fixed 20-character body makes false positives extremely unlikely.
- Jurisdictions
- global
- Regulations
- Criminal Code Act 1995 (Cth), Computer Fraud and Abuse Act, Computer Misuse Act 1990
- Frameworks
- CIS Controls, ISO 27001, NIST CSF, SOC 2
- Data categories
- credentials, security
- Scope
- narrow
- Risk rating
- 8
- Platform compatibility
- Purview: Compatible, GCP DLP: Unsupported, Macie: Unsupported, Zscaler: Compatible, Palo Alto: Unsupported, Netskope: Unsupported
Pattern
(?<![A-Za-z0-9_-])gldt-[A-Za-z0-9_-]{20}(?![A-Za-z0-9_-])Corroborative evidence keywords
gitlab, deploy token, container registry, package registry, CI/CD
Proximity: 300 characters
Should match
gldt-ABCDEFGHIJ1234567890— GitLab deploy token, gldt- prefix + 20 charsDEPLOY_TOKEN=gldt-zZyYxXwWvVuU01234567— Labelled deploy token in env vargldt-aB3dE6gH9jK2mN5pQ8sT— Mixed-case deploy token
Should not match
gldt-tooShort— Too short to be a deploy tokenglpat-ABCDEFGHIJ1234567890— GitLab PAT prefix, not a deploy tokencreate a gitlab deploy token for the registry— Prose mention without a token value
Known false positives
- Documentation or examples showing placeholder gldt- strings. Mitigation: Require corroborative GitLab deploy/registry keywords and exclude placeholder markers.