Pickling a gitlab-python result includes the auth details

[mikepurvis]

I have an instance with several thousand repos, where it's convenient to cache the top-level details for each in order to run various config checks. This boils down to:

gl = gitlab.Gitlab(GITLAB_URL, os.environ["GITLAB_PRIVATE_TOKEN"])
projects = gl.projects.list(get_all=True)
with open(CACHE_PATH / "projects.pickle", "wb") as f:
    pickle.dump(projects, f)

But then when I look at the pickle file, it includes the private token. When I also save the gitlab object and do a gitlab.private_token = None first, the token shows up elsewhere.

Expected Behavior

It would be great if there was an easy way to exclude the token, or otherwise manage the "session" separately.

Specifications

• python-gitlab version: 4.4.0
• API version you are using (v3/v4): v4
• Gitlab server version: 15.6.6

[JohnVillalovos]

Have you considered using asdict() instead of pickling?

https://python-gitlab.readthedocs.io/en/main/api-usage.html#as-a-dictionary

Regarding the pickling:

As a note, if on each Project object you did project.manager.gitlab.private_token = "*masked*" before pickling, that would get rid of the token most likely.

But I have no idea how that will impact things when unpickling.

You can look at the pickle file with: python -m pickletools projects.pickle

[mikepurvis]

Hi @JohnVillalovos, that does sound like a much better approach— it looks like it should be possible to then later do Project(attrs=that_dict, lazy=True)? Or maybe this should go through the GitLab object's ProjectManager somehow? Is there a demonstration of that?

[JohnVillalovos]

Sorry, you are in uncharted territory on that. So I'm not sure.