Additional docs update for GitLab tokens (#2485)

Author: oredavids

docs/2.0/docs/pipelines/architecture/security-controls.md

@@ -63,8 +63,11 @@ See [Setup via Machine Users](/2.0/docs/pipelines/installation/viamachineusers.m
 <TabItem value="gitlab" label="GitLab">
 Requires the following tokens be created:
 - `PIPELINES_GITLAB_TOKEN`: A GitLab access token with `api` scope
+- `PIPELINES_GITLAB_READ_TOKEN`: A GitLab access token with `read_repository` scope
 
-Pipelines will also require access to GitHub, however those tokens are generated at runtime via the Gruntwork Management Portal.
+See [Setup via Machine Users](/2.0/docs/pipelines/installation/viamachineusers) for more details.
+
+Pipelines will also require access to Gruntwork's GitHub repositories, however those tokens are generated at runtime via the Gruntwork Management Portal.
 
 </TabItem>
 </Tabs>
@@ -201,4 +204,4 @@ A read/write apply role for delegated repositories.
 
 :::note
 The `delegated-pipelines-plan` and `delegated-pipelines-apply` roles are automatically provisioned for new delegated accounts. Enterprise customers will see pull requests created in the `infrastructure-live-access-control` repository to vend these roles with proper configurations.
-:::
+:::

docs/2.0/docs/pipelines/installation/addinggitlabrepo.md

@@ -162,7 +162,7 @@ After setting up Pipelines, you can:
 If you encounter issues during setup:
 
 - Ensure your GitLab CI user has the correct permissions to your group and projects
-- Verify the `PIPELINES_GITLAB_TOKEN` is set correctly as a CI/CD variable and is *NOT* marked as protected
+- Verify that both `PIPELINES_GITLAB_TOKEN` and `PIPELINES_GITLAB_READ_TOKEN` are set correctly as CI/CD variables and are *NOT* marked as protected
 - Confirm your GitLab group has been authorized by Gruntwork for Pipelines usage
 
 For further assistance, contact [[email protected]](mailto:[email protected]).

docs/2.0/docs/pipelines/installation/viamachineusers.md

@@ -392,7 +392,7 @@ For more information on creating and using GitHub Actions Repository secrets, re
 <TabItem value="gitlab" label="GitLab">
 
 
-For GitLab, Gruntwork Pipelines two CI variables.  The first, the `PIPELINES_GITLAB_TOKEN` requires the `Developer`, `Maintainer` or `Owner` role and the scopes listed below. This token will be used to authenticate API calls and access repositories within your GitLab group.  The second, the `PIPELINES_GITLAB_READ_TOKEN` will be used to access your own code within GitLab.  If not set, Pipelines will default to the `CI_JOB_TOKEN` when accessing internal GitLab hosted code.
+For GitLab, Gruntwork Pipelines two CI variables. The first, the `PIPELINES_GITLAB_TOKEN` requires the `Developer`, `Maintainer` or `Owner` role and the scopes listed below. This token will be used to authenticate API calls and access repositories within your GitLab group.  The second, the `PIPELINES_GITLAB_READ_TOKEN` will be used to access your own code within GitLab. If not set, Pipelines will default to the `CI_JOB_TOKEN` when accessing internal GitLab hosted code.
 
 
 ### Creating the Access Token
@@ -436,6 +436,7 @@ Add the `PIPELINES_GITLAB_TOKEN` and `PIPELINES_GITLAB_READ_TOKEN` as CI/CD vari
 **Checklist:**
 <PersistentCheckbox id="via-machine-users-gitlab-5" label="PIPELINES_GITLAB_TOKEN added to CI/CD variables" />
 <PersistentCheckbox id="via-machine-users-gitlab-6" label="PIPELINES_GITLAB_READ_TOKEN added to CI/CD variables" />
+
 :::caution
 Remember to update this token before it expires to prevent pipeline disruptions.
 :::