This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Updating Cloud Build Repository Host Connection with new GitLab access token

Posted on 05-07-2025 10:37 AM
undef
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi!

I have next setup: Google Cloud Build has configured and working Host Connection to private GitLab repo through GitLab project token. Cloud Build Trigger successfully works, building my application. In fact, I have multiple triggers connected to different repos in one GCP project.

Project token for one of the repositories is about to be expired (in 7 days). So the general question is: what is the recommended course of actions in this situation?

I assumed, that I would need to generate new project token for respective GitLab repo (easy) and put it somewhere in GCP, but:
0. I couldn't find anything that could help me in Cloud Build web-interface.
1. Obviously, my attempts to find the solution on my own failed.
2. Cloud Build documentation tells me that those secrets are stored in Secret Manager, and I'm sure I can see them. But there are too many, I can't identify the correct one. I can't relate names of secrets like this `cloudbuild-gitlab-1715692777405-api-access-token` to a Host/Repository connection. So if I should just add new value of a secret, how do I identify the correct secret?

I understand, that I can just create new Host/Repository connection and make my trigger use it instead of the old one, but it seems like an overkill.

Please, help me to navigate this situation. Thank you in advance.

Solved Solved
0 3 392
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
undef
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Apparently, this is just a bad web UI, because I was able to identify specific secret through Cloud Shell using combination of
```
gcloud builds connections list ...
gcloud builds connections describe ...
```

View solution in original post

Jump to Solution
0 Likes
3 REPLIES 3

Posted on --/--/---- --:-- AM
undef
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Apparently, this is just a bad web UI, because I was able to identify specific secret through Cloud Shell using combination of
```
gcloud builds connections list ...
gcloud builds connections describe ...
```

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
gcp_bob
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi! Had to update one of the Cloud Build Bitbucket Cloud read tokens myself with the pull request read permissions, but somehow it does not seem to be working. Did also all the "gcloud builds connections update" stuff, but to no avail. Can you please share if it really worked out for you by adding just a new secret value for the specific token? For me it doesn't make much difference. Thanks in advance!

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
undef
Bronze 1
Bronze 1
In response to gcp_bob
Reply posted on --/--/---- --:-- AM

Yes: I identified needed secret (I use one token both as read_token and the second one) using Cloud Shell commands described above, and then I just went into Cloud Secret Manager, located secret by it's name and added new value. It works.

Jump to Solution
0 Likes
Top Solution Authors
View all