Jenkins Gitlab Integration using only Gitlab API Token

Installed the GitLab plugin on Jenkins, created a GitLab API token. Added it to Jenkins, but cannot seem to use it anywhere.

When I set up a build job in Jenkins, it wants a username/password. Even if I try to add new credentials in the Configure Job menu, it doesn't save and defaults to the username/password combo I entered for testing.

That's pretty brittle, if the user were to leave the company or something, then now I need to change all my Jenkins pipelines.

Is there a way to configure the job to only use an API token for a repository?

Looking at the GitLab-Jenkins integration, a GitLab API token for Jenkins integration is mainly for Jenkins to interact with GitLab for functionalities such as triggering builds, reporting build status, and other such interactions. This means that the GitLab API token is used at the Jenkins system level, and not directly on the job level.

IE, the GitLab API token is set at the "Manage Jenkins > Configure System." level:

Once you provide the GitLab API token there, Jenkins uses it for all its interactions with GitLab, no matter which specific job is running.

However, when you're setting up a specific Jenkins job, you need to specify how that job should interact with the source control repository, in this case, GitLab.
This is where you would normally specify the repository URL and credentials (username and password or SSH key). These credentials are used by the job to clone the repository, fetch updates, and push changes if necessary.

I would recommend using an SSH key that, once created (ssh-keygen -t rsa -b 4096 -C "your_email@example.com" -P "" -f ~/.ssh/gitlab, without passphrase for testing), you can copy the public key (~/.ssh/gitlab.pub) to your GitLab Settings/SSH keys page.

In the "Key" box, paste your key. If you created the key with a different comment, the "Title" field may autofill with that comment. If not, give your key an identifiable title, like 'Jenkins Server'. Click Add key.

Back in Jenkins, when setting up the job, you can use the 'git' SCM and specify your repository URL in the form of git@gitlab.com:username/repo.git.
In the credentials' dropdown, you can add the SSH private key that corresponds to the public key you added in GitLab. Jenkins will use this SSH key to authenticate with GitLab.

This way, your Jenkins jobs will authenticate with GitLab using SSH keys, not username/password. If a user leaves the company, you can simply generate a new SSH key pair, add the public key to GitLab, and update the private key in Jenkins. Your existing jobs will continue to work without modification.

David suggests in the comments:

> Add a systemic user for this purpose, where the security team registers credentials in jenkins.
Then give the repositories permission to that user, and run via SCM with that credential.
>
> In this way, the systemic user will not leave the company and future maintenance of credentials will be the responsibility of the security team.

That is a good practice indeed, and why we add a "Build_Jenkins" credentials in Jenkins, and declare a technical Build_Jenkins user in GitLab, with read-only access to the relevant repositories.