GitLab Personal Access Token

Name: GitLab Personal Access Token
Creator: TestPattern Community
License: https://opensource.org/licenses/MIT

Detects GitLab personal access tokens (glpat- prefix). A leaked PAT grants repository, CI/CD pipeline and package-registry access scoped to the issuing user.

Type: regex
Engine: universal
Confidence: high
Confidence justification: High confidence: the distinctive glpat- prefix with a fixed 20-character body makes false positives extremely unlikely.
Jurisdictions: global
Regulations: Criminal Code Act 1995 (Cth), Computer Fraud and Abuse Act, Computer Misuse Act 1990
Frameworks: CIS Controls, ISO 27001, NIST CSF, SOC 2
Data categories: credentials, security
Scope: narrow
Risk rating: 9
Platform compatibility: Purview: Compatible, GCP DLP: Unsupported, Macie: Unsupported, Zscaler: Compatible, Palo Alto: Unsupported, Netskope: Unsupported

Pattern

(?<![A-Za-z0-9_-])glpat-[A-Za-z0-9_-]{20}(?![A-Za-z0-9_-])

Corroborative evidence keywords

gitlab, personal access token, PAT, api token, CI/CD

Proximity: 300 characters

Should match

glpat-ABCDEFGHIJ1234567890 — GitLab PAT, glpat- prefix + 20 chars
token: glpat-zZyYxXwWvVuU01234567 — Labelled GitLab PAT
glpat-aB3dE6gH9jK2mN5pQ8sT — Mixed-case GitLab PAT

Should not match

glpat-tooShort — Too short to be a GitLab PAT
ghp_ABCDEFGHIJ1234567890abcd — GitHub token, not GitLab
please rotate the gitlab token before release — Prose mention without a token value

Known false positives

Documentation or examples showing placeholder glpat- strings. Mitigation: Require corroborative keywords and check for placeholder markers (example, xxxx).

References

GitLab token overview