This is an internal documentation. There is a good chance you’re looking for something else. See Disclaimer.

Access Tokens and API Keys

Access tokens and API keys in need of frequent renewal.

Access Tokens (Dev Team)

Token	User	Configuration	Description	Renewal
GitLab group token: tocco_client_dependency_proxy	CI variable on tocco-client: DOCKER_AUTH_CONFIG	Scopes: `read_virtual_registry`, `write_virtual_registry` Role: `Guest`	GitLab Dependency Proxy Encode DOCKER_AUTH_CONFIG like this: python3 - <API_KEY> <<EOF import base64, json, sys auth = base64.b64encode(('any:' + sys.argv[1]).encode()).decode() print(json.dumps({'auths': {'gitlab.com:443': {'auth': auth}}})) EOF Technical note: The dependency proxy allows bypassing rate limits when pulling OCI images. Token is needed because the dependency proxy belongs to the group toccoag but CI bots don’t have access there.
GitLab backend project token: crowdin-integration	crowdin integration (see crowdin readd integration)	Scopes: `api`, `write_repository` Role: `Maintainer`	Used to synchronize translations between Crowdin and backend repository	During new release task (crowdin)
GitLab backend project token: Commit Info Service	git_backend_repository_source in secrets2.yml	Scopes `read_repository` Role: `Reporter`	Used to pull git commits	During updating external services
GitLab backend project token: SonarQube MR	SonarQube DevOps Platform Integrations: gitlab.com Backend	Scopes: `api` Role: `Reporter`	Only used for merge request analysis	During SonarQube update task
GitLab client project token: Sonarqube Integration	SonarQube DevOps Platform Integrations : gitlab.com Frontend	Scopes: `api` Role: `Developer`	Only used for merge request analysis	During SonarQube update task
GitLab client project token: CI	CI variable on tocco-client: GITLAB_ACCESS_TOKEN	Scopes: `api` Role: `Maintainer`	Used by different client CI jobs to access GitLab API, e.g. to create merge requests or publish a storybook link in the merge request description	During new release task (client ci)

Access Tokens (Ops Team)

Token

User

Configuration

Description

Renewal

GitLab group token find-failed-gitlab-schedules

CI variable on find-failed-gitlab-schedules: GITLAB_SCHEDULE_READ_TOKEN

Scopes: read_api

Role: Developer

Used to read pipeline status from all projects.

API Keys (DEV Team)

Tool	Description	Renewal
Tempo	Used to synchronize timereports between Tempo and Tocco Backoffice	During Back Office test migration task
NPM	Used to publish npm packages	Every 90 days (max expiration time for npm write tokens; see update documentation)