gitlab ci access to private snippets

Question

I have a snippet that I want to use in my gitlab ci across multiple projects.

before_script:
 - curl --header "PRIVATE-TOKEN: xxx" https://gitlab.example.com/api/v4/snippets/1
 - bash my_script.sh

I tried using the $CI_JOB_TOKEN resulting in a 401. Is there a way to gain access without creating a user token?

Answer 1

The short answer is NO.
CI_JOB_TOKEN variable used for authenticating with the GitLab Container Registry and downloading dependent repositories [1].
You can create personal and project Snippets, with three visibility levels [2], private, internal and public.

Private snippets are only visible to the snippet creator, so you need a Personal access token (with api scope!!!, and it's not recommended for CI jobs in public/shared projects.

Suggestion:

• Create an Internal snippet
• Create a user for CI jobs, with read-only access to project (e.g. ci-bot).
• Do CI jobs with ci-bot's Access Token.

[1] https://docs.gitlab.com/ee/ci/variables/predefined_variables.html
[2] https://docs.gitlab.com/ee/api/snippets.html