GitLab is a web-based DevOps lifecycle tool that provides a Git-repository manager providing wiki, issue-tracking and CI/CD pipeline features, using an open-source license, developed by GitLab Inc.
Source: https://en.wikipedia.org/wiki/GitLab

Both Deploy Keys and Deploy Tokens allow you to checkout code without using your personal GitLab username/password.  And as their name indicates, they are best suited for deployments, usually automated/scripted. What are their features?

Deploy Keys

Deploy Tokens

How to create and use Deploy Keys (SSH)

By default, when you use SSH, it reads from ~/.ssh/id_rsa
But that is your personal SSH key

Create a SSH key for GitLab deployments with a unique name
Login to the server where you will clone/deploy your code
> ssh-keygen -t rsa -b 4096 -f ~/.ssh/gitlab_deploy_rsa

Tell ssh about the new gitlab key
> vim ~/.ssh/config
Host gitlab.yourdomain.com
  Preferredauthentications publickey
  IdentityFile ~/.ssh/gitlab_deploy_rsa

Note: for the Host, use the host GitLab references
GitLab: Repo: Clone button
This email address is being protected from spambots. You need JavaScript enabled to view it.:dir/repo.git

For security, and to allow SSH, make the config read only by you
> chmod 600 ~/.ssh/config

So GitLab knows about your new key, create a GitLab Deploy Key

GitLab: Repo: Settings -> Repository, scroll to Deploy Keys

Copy the contents of your public key ~/.ssh/gitlab_rsa.pub to the Key section

Back on your server,
Test that SSH access works
> ssh -vT This email address is being protected from spambots. You need JavaScript enabled to view it.
-T Disable pseudo-terminal allocation ie just give return result "as is"
-v verbose

If SSH times out, try a public site to ensure port 22 is open
> ssh -vT gitlab.com

If SSH gitlab.com does not work, then enable port 22 on your server, most likely via it's firewall.
If SSH gitlab.com does work, then maybe SSH is not enabled or accessible on your GitLab server. Review your GitLabs firewall ie iptables, tcp wrappers ie /etc/hosts.deny and /etc/hosts.allow, and the SSH daemon configuration ie /etc/sshd_config
Source: https://unix.stackexchange.com/a/406264/265278

Assuming
> ssh -vT This email address is being protected from spambots. You need JavaScript enabled to view it.
finally works

You should be able to checkout your code using SSH, using
> git clone This email address is being protected from spambots. You need JavaScript enabled to view it.:dir/repo.git target_dir
which is a slight shorthand for
> git clone ssh://This email address is being protected from spambots. You need JavaScript enabled to view it./dir/repo.git target_dir

Note: If you cannot get SSH working, you can try using Deploy Tokens, which uses HTTPS, which is more often accessible.

 

How to create and use Deploy Tokens (HTTPS)

Create a GitLab Deploy Token

GitLab: Repo: Settings -> Repository, scroll to Deploy Tokens

 

After creating the Deploy Token, make sure to copy and save the token

 

 From your server, you can checkout your code using
> git clone https://<username>:<token>@gitlab.yourdomain.com/dir/repo.git target_dir 

After cloning, you can simply Pull changes
> git pull

So, should you use SSH or HTTPS?
Ideally you should use SSH keys as they are a way to identify trusted computers, without involving passwords, but HTTPS is the easiest to set up on the widest range of networks and platforms.
Source: https://stackoverflow.com/questions/11041729/why-does-github-recommend-https-over-ssh

 

-End of Document-
Thanks for reading