Application
Example Usage
Constructors
Properties
If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
Where to redirect users after logout.
Text shown to the user after signing up.
API key for Akismet spam protection.
(If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
Set to true to allow users to delete their accounts. Premium and Ultimate only.
Set to true to allow group owners to manage LDAP.
Allow requests to the local network from system hooks.
Allow requests to the local network from web hooks and services.
Indicates whether users assigned up to the Guest role can create groups and personal projects.
Allow using a registration token to create a runner.
Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
Maximum limit of AsciiDoc include directives being processed in any one document. Maximum: 64.
Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
(If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
Shared secret with the asset proxy server. GitLab restart is required to apply changes.
URL of the asset proxy server. GitLab restart is required to apply changes.
By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
When enabled, users will get automatically banned from the application when they download more than the maximum number of unique projects in the time period specified by maxnumberofrepositorydownloads and maxnumberofrepositorydownloadswithintime_period respectively. Self-managed, Ultimate only.
Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
Enabling this permits automatic allocation of purchased storage in a namespace.
Maximum simultaneous Direct Transfer batches to process.
Enable migrating GitLab groups by direct transfer.
Maximum download file size when importing from source GitLab instances by direct transfer.
Indicates whether users can create top-level groups.
Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
The maximum number of includes per pipeline.
The maximum amount of memory, in bytes, that can be allocated for the pipeline configuration, with all included YAML configuration files.
Custom hostname (for private commit emails).
Maximum number of simultaneous import jobs for the Bitbucket Cloud importer.
Maximum number of simultaneous import jobs for the Bitbucket Server importer.
Maximum number of simultaneous import jobs for the GitHub importer.
Enable cleanup policies for all projects.
The maximum number of tags that can be deleted in a single execution of cleanup policies.
The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
Caching during the execution of cleanup policies.
Number of workers for cleanup policies.
Container Registry token duration in minutes.
Enable automatic deactivation of dormant users.
Length of time (in days) after which a user is considered dormant.
Default timeout for decompressing archived files, in seconds. Set to 0 to disable timeouts.
Set the default expiration time for each job’s artifacts.
Instance-level custom initial branch name
Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
The defaultbranchprotection*defaults attribute describes the default branch protection defaults. All parameters are optional.
Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
What visibility level new groups receive. Can take private, internal and public as a parameter.
Default preferred language for users who are not logged in.
Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
Project limit per user.
What visibility level new projects receive. Can take private, internal and public as a parameter.
What visibility level new snippets receive. Can take private, internal and public as a parameter.
Default syntax highlighting theme for users who are new or not signed in. See IDs of available themes (https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/themes.rb#L16)
Enable inactive project deletion feature.
Specifies whether users who have not confirmed their email should be deleted. When set to true, unconfirmed users are deleted after unconfirmedusersdeleteafterdays days. Self-managed, Premium and Ultimate only.
The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90.
(If enabled, requires diagramsnet_url) Enable Diagrams.net integration.
The Diagrams.net instance URL for integration.
Maximum files in a diff.
Maximum lines in a diff.
Maximum diff patch size, in bytes.
Stops administrators from connecting their GitLab accounts to non-trusted OAuth 2.0 applications that have the api, readapi, readrepository, writerepository, readregistry, write_registry, or sudo scopes.
Disabled OAuth sign-in sources.
Disable display of RSS/Atom and calendar feed tokens.
Disable personal access tokens. Self-managed, Premium and Ultimate only. There is no method available to enable a personal access token that’s been disabled through the API. This is a known issue.
Enforce DNS rebinding attack protection.
Force people to use only corporate emails for sign-up. Null means there is no restriction.
(If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
Maximum downstream pipeline trigger rate.
The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys.
Indicates whether GitLab Duo features are enabled for this instance. Self-managed, Premium and Ultimate only.
The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys.
The minimum allowed curve size (in bits) of an uploaded ECDSASK key. 0 means no restriction. -1 disables ECDSASK keys.
The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys.
The minimum allowed curve size (in bits) of an uploaded ED25519SK key. 0 means no restriction. -1 disables ED25519SK keys.
AWS IAM access key ID.
Amazon account ID.
Enable integration with Amazon EKS.
AWS IAM secret access key.
Enable the use of AWS hosted Elasticsearch.
AWS IAM access key.
The AWS region the Elasticsearch domain is configured.
AWS IAM secret access key.
Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
Maximum size of repository and wiki files that are indexed by Elasticsearch.
Enable Elasticsearch indexing.
Limit Elasticsearch to index certain namespaces and projects.
Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
Maximum concurrency of Elasticsearch code indexing background jobs. This only applies to repository indexing operations. Premium and Ultimate only.
The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
The password of your Elasticsearch instance.
The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
Enable automatic requeuing of indexing workers. This improves non-code indexing throughput by enqueuing Sidekiq jobs until all documents are processed. Premium and Ultimate only.
Enable Elasticsearch search.
The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
The username of your Elasticsearch instance.
Number of indexing worker shards. This improves non-code indexing throughput by enqueuing more parallel Sidekiq jobs. Premium and Ultimate only.
Additional text added to the bottom of every email for legal/auditing/compliance reasons.
Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
Specifies whether users must confirm their email before sign in. Possible values are off, soft, and hard.
Show the external redirect page that warns you about user-generated content in GitLab Pages.
Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
Enabling this permits enforcement of namespace storage limits.
(If enabled, requires: terms) Enforce application ToS to all users.
(If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
The default classification label to use when requesting authorization and no classification label has been specified on the project.
(If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
URL to which authorization requests are directed.
How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
URL to use for pipeline validation requests.
Time period in minutes after which the user is unlocked when maximum number of failed sign-in attempts reached.
The ID of a project to load custom file templates from.
Start day of the week for calendar views and date pickers. Valid values are 0 for Sunday, 1 for Monday, and 6 for Saturday.
Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
The amount of seconds after which a request to get a secondary node status times out.
Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
Maximum number of Git operations per minute a user can perform.
Enable Gitpod integration.
List of user IDs that are emailed when the Git abuse rate limit is exceeded. Maximum: 100 user IDs. Self-managed, Ultimate only.
List of usernames excluded from Git anti-abuse rate limits. Maximum: 100 usernames. Self-managed, Ultimate only.
Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
Comma-separated list of IP addresses and CIDRs always allowed for inbound traffic. For example, 1.1.1.1, 2.2.2.0/24.
Enable Grafana.
Grafana URL.
Enable Gravatar.
Prevent overrides of default branch protection.
Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
Hide marketing-related entries from help.
Alternate support URL for help page and help dropdown.
Custom text displayed on the help page.
Do not display offers from third parties in GitLab.
Redirect to this URL when not logged in.
Enable or disable Git housekeeping. If enabled, requires either housekeepingoptimizerepositoryperiod OR housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod. Options housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod are deprecated. Use housekeepingoptimizerepositoryperiod instead.
Number of Git pushes after which an incremental git repack is run.
Number of Git pushes after which git gc is run.
Number of Git pushes after which an incremental git repack is run.
Number of Git pushes after which an incremental git repack is run.
Enable HTML emails.
Sources to allow project import from. Valid values are: github, bitbucket, bitbucket_server, fogbugz, git, gitlab.Project, gitea, manifest
If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects.
If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity.
If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive.
Whether or not optional metrics are enabled in Service Ping.
Enable in-product marketing emails.
Enable Invisible CAPTCHA spam detection during sign-up.
Max number of issue creation requests per minute per user.
ID of the OAuth application used to authenticate with the GitLab for Jira Cloud app.
URL of the GitLab instance used as a proxy for the GitLab for Jira Cloud app.
Enable public key storage for the GitLab for Jira Cloud app.
Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
Increase this value when any cached Markdown should be invalidated.
Indicates whether the GitLab Duo features enabled setting is enforced for all subgroups. Self-managed, Premium and Ultimate only.
Set to true to lock all memberships to LDAP. Premium and Ultimate only.
Enable Mailgun event receiver.
The Mailgun HTTP webhook signing key for receiving events from webhook.
When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
Message displayed when instance is in maintenance mode.
Use repo.maven.apache.org as a default remote repository when the package is not found in the GitLab Package Registry for Maven. Premium and Ultimate only.
Maximum artifacts size in MB.
Limit attachment size in MB.
Maximum decompressed archive size in bytes.
Maximum export size in MB. 0 for unlimited.
Maximum remote file size for imports from external object storages.
Maximum import size in MB. 0 for unlimited.
Maximum number of sign-in attempts before locking out the user.
Maximum number of unique repositories a user can download in the specified time period before they are banned. Maximum: 10,000 repositories.
Reporting time period (in seconds). Maximum: 864000 seconds (10 days).
Maximum size of pages repositories in MB.
Maximum allowable lifetime for access tokens in days.
Maximum allowable lifetime for SSH keys in days.
A method call is only tracked when it takes longer than the given amount of milliseconds.
Indicates whether passwords require a minimum length. Premium and Ultimate only.
Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
Minimum capacity to be available before scheduling more mirrors preemptively.
Maximum number of mirrors that can be synchronizing at the same time.
Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
Indicates whether to skip metadata URL validation for the NuGet package. Introduced in GitLab 17.0.
Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
List of package registry metadata to sync. See the list of the available values (https://gitlab.com/gitlab-org/gitlab/-/blob/ace16c20d5da7c4928dd03fb139692638b557fe3/app/models/concerns/enums/package_metadata.rb#L5). Self-managed, Ultimate only.
Enable to allow anyone to pull from Package Registry visible and changeable.
Number of workers assigned to the packages cleanup policies.
Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
Enable authentication for Git over HTTP(S) via a GitLab account password.
Enable authentication for the web interface via a GitLab account password.
Indicates whether passwords require at least one lowercase letter.
Indicates whether passwords require at least one number.
Indicates whether passwords require at least one symbol character.
Indicates whether passwords require at least one uppercase letter.
Path of the group that is allowed to toggle the performance bar.
Prefix for all generated personal access tokens.
Maximum number of pipeline creation requests per minute per user and commit.
(If enabled, requires: plantuml_url) Enable PlantUML integration.
The PlantUML instance URL for integration.
Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
Enable project export.
Maximum authenticated requests to /project/:id/jobs per minute.
Max number of requests per 10 minutes per IP address for unauthenticated requests to the list all projects API. To disable throttling set to 0.
Enable Prometheus metrics.
CI/CD variables are protected by default.
Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
Max number of requests per minute for each raw path. To disable throttling set to 0.
(If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
Private key for reCAPTCHA.
Site key for reCAPTCHA.
Maximum push size (MB).
Enable receptive mode for GitLab Agents for Kubernetes.
Enable Remember me setting.
GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
Size limit per repository (MB).
(GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
(GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
Allow administrators to require 2FA for all administrators on the instance.
When enabled, users must set an expiration date when creating a group or project access token, or a personal access token owned by a non-service account.
(If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Null means there is no restriction.
The minimum allowed bit length of an uploaded RSA key. 0 means no restriction. -1 disables RSA keys.
Max number of requests per minute for performing a search while authenticated. To disable throttling set to 0.
Max number of requests per minute for performing a search while unauthenticated. To disable throttling set to 0.
Maximum number of active merge request approval policies per security policy project. Maximum: 20
Whether to look up merge request approval policy approval groups globally or within project hierarchies.
Public security contact information.
Send confirmation email on sign-up.
Flag to indicate if token expiry date can be optional for service account users
Session duration in minutes. GitLab restart is required to apply changes.
(If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
Shared runners text.
The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis.
The threshold in bytes at which Sidekiq jobs are rejected. 0 means do not reject any job.
track or compress. Sets the behavior for Sidekiq job size limits.
Text on the login page.
Enable registration.
Enable Silent admin exports.
Enable Silent mode.
(If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
The app ID of the Slack-app.
The app secret of the Slack-app.
The signing secret of the Slack-app.
The verification token of the Slack-app.
Max snippet content size in bytes.
The Snowplow site name / application ID. (for example, gitlab)
The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
The Snowplow cookie domain. (for example, .gitlab.com)
The Snowplow collector for database events hostname. (for example, db-snowplow.trx.gitlab.net)
Enable snowplow tracking.
Enables Sourcegraph integration. If enabled, requires sourcegraph_url.
Blocks Sourcegraph from being loaded on private and internal projects.
The Sourcegraph instance URL for integration.
API key used by GitLab for accessing the Spam Check service endpoint.
Enables spam checking using external Spam Check API endpoint.
URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
Authentication token for the external storage linked in staticobjectsexternalstorageurl.
URL to an external storage for repository static objects.
Enable pipeline suggestion banner.
Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
(If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
Rate limit period (in seconds).
Maximum requests per period per user.
(If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
Rate limit period (in seconds). View Package Registry rate limits for more details.
Maximum requests per period per user. View Package Registry rate limits for more details.
(If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
Rate limit period (in seconds).
Maximum requests per period per user.
(If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
Rate limit period in seconds.
Max requests per period per IP.
(If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
Rate limit period (in seconds). View Package Registry rate limits for more details.
Maximum requests per period per user. View Package Registry rate limits for more details.
(If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
Rate limit period in seconds.
Max requests per period per IP.
Limit display of time tracking units to hours.
Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
Specifies how many days after sign-up to delete users who have not confirmed their email. Only applicable if deleteunconfirmedusers is set to true. Must be 1 or greater. Self-managed, Premium and Ultimate only.
(If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
Maximum number of IPs per user.
How many seconds an IP is counted towards the limit.
Fetch GitLab Runner release version data from GitLab.com.
Every week GitLab reports license usage back to GitLab, Inc.
Enables ClickHouse as a data source for analytics reports. ClickHouse must be configured for this setting to take effect. Available on Premium and Ultimate only.
Send an email to users upon account deactivation.
Newly registered users are external by default.
Specify an email address regex pattern to identify default internal users.
Newly created users have private profile by default.
Allow users to register any application to use GitLab as an OAuth provider.
When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
List of types which are allowed to register a GitLab Runner. Can be [], 'group', 'project' or 'group', 'project'.
Let GitLab inform you when an update is available.
Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
What's new variant, possible values: alltiers, currenttier, and disabled.
Maximum wiki page content size in bytes. The minimum value is 1024 bytes.