I discussed wanting to fetch private artifacts from GitLab at $work with @Ericson2314 and he gave me some pointers about current ideas!
I wanted to take notes and write down how these might help with my plight (or not) without polluting the existing issues too much (I added some questions).
https://blog.eigenvalue.net/2023-nix-fetch-with-authentication/
Tell me what you think and if I should think about other solutions.
So far, my favorite short-term solution would be something as I described in Peter Kolloch - Blog - Nix in the Enterprise: AWS S3 Store Authentication (skip ahead to “User-friendly Pragmatic Solution”) but long-term we can definitely do even better 
[edit] the second link was the same as the first at first by mistake