Gitlab token not working

Dear experts,

We are using a custom c++ framework for our analysis, and I would like to clone the repository from git and compile on the fly.

However, my gitlab token is somehow not recognized.

remote: HTTP Basic: Access denied. The provided password or token is incorrect or your account has 2FA enabled and you must use a personal access token instead of a password. See

with the following specifications:

      "gitlab": true,
      "kerberos": true

In my gitlab, i have added the API of reana and given access to it.

Does anyone have some insight?

Many thanks,

Hi @hcai

Granting REANA access to your GitLab repository, as mentioned on the REANA-GitLab documentation page, is used for fetching restricted images stored in your restricted GitLab project registries.

However, I assume that you are using an explicit git clone command-line call as part of your workflow steps? If yes, then the above isn’t sufficient.

Let’s assume the following reana.yaml serial workflow example with the HTTPS git clone command:

    - reana.yaml
  type: serial
      - environment: 'python:3.8'
        kerberos: true
          - git clone

If you have the two-factor authentication enabled for your CERN account, then the Kerberos authentication wouldn’t work (even with KRB5 git clone command) regardless of kerberos: true settings. GitLab requires to use a custom Personal Access Token (PAT), as the error message that you quoted indicated.

Have you created your PAT token on GitLab as mentioned in the GitLab PAT documenation page and have you granted it at least the read_repository scope? If yes, then the cloning should work in the following manner.

Let’s say that your GitLab PAT token value is “abcd1234”. You can store it as a custom secret with REANA:

$ reana-client secrets-add --env GITLABPAT=abcd1234

This will make it available to your workflow jobs as an environment variable called GITLABPAT.

Afterwards, the git clone command in the above example should be modified to include the new secret:

          - git clone https://johndoe:$$

This change should allow the cloning of your restricted personal repositories. (Tested on the above toy example.)

Does this help to address your problem?

Dear @tiborsimko ,

Sorry was traveling last week…

Yes this working perfectly for me now! Many thanks!