• Gitlab

Remove the expiry date on self-hosted Gitlab personal access tokens

Back in May 2023, Gitlab made it mandatory to have an expiry date on personal access tokens. This is pretty inconvenient in some setups, and fortunately they eventually removed the requirement in Gitlab 17.4, released in September 2024. Make sure you have a version higher or equal to 17.4, then go in the admin dashboard, in Settings > General > Account and limit, and under “Personal / project / group access token expiration” uncheck “Require expiration date”.

To remove the expiry date of an existing token in a self-hosted Gitlab, SSH on the server, run sudo gitlab-psql to connect to the Postgres database. You can list tokens with a query like:

select user_id, name, expires_at, last_used_at from personal_access_tokens ;

Identify the tokens you want to remove the expiry date from, and set it to NULL. For example, to remove the expiry date of all tokens last-used yesterday, use:

update personal_access_tokens set expires_at = null where last_used_at >= current_date - 1; ;

This is just an example; adapt the query to your own needs.

You can then exit the Postgres CLI with exit.

That’s all; now you can create new tokens with or without an expiry date, and you know how to remove or update it on existing ones. Make sure you are aware of the security implications of this before doing anything, though.