1. Packages
  2. GitLab
  3. API Docs
  4. ApplicationSettings
GitLab v6.10.0 published on Monday, Mar 25, 2024 by Pulumi

gitlab.ApplicationSettings

Explore with Pulumi AI

gitlab logo
GitLab v6.10.0 published on Monday, Mar 25, 2024 by Pulumi

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as gitlab from "@pulumi/gitlab";
    
    // Set the 2FA settings
    const _this = new gitlab.ApplicationSettings("this", {
        requireTwoFactorAuthentication: true,
        twoFactorGracePeriod: 24,
    });
    
    import pulumi
    import pulumi_gitlab as gitlab
    
    # Set the 2FA settings
    this = gitlab.ApplicationSettings("this",
        require_two_factor_authentication=True,
        two_factor_grace_period=24)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gitlab/sdk/v6/go/gitlab"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Set the 2FA settings
    		_, err := gitlab.NewApplicationSettings(ctx, "this", &gitlab.ApplicationSettingsArgs{
    			RequireTwoFactorAuthentication: pulumi.Bool(true),
    			TwoFactorGracePeriod:           pulumi.Int(24),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using GitLab = Pulumi.GitLab;
    
    return await Deployment.RunAsync(() => 
    {
        // Set the 2FA settings
        var @this = new GitLab.ApplicationSettings("this", new()
        {
            RequireTwoFactorAuthentication = true,
            TwoFactorGracePeriod = 24,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gitlab.ApplicationSettings;
    import com.pulumi.gitlab.ApplicationSettingsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var this_ = new ApplicationSettings("this", ApplicationSettingsArgs.builder()        
                .requireTwoFactorAuthentication(true)
                .twoFactorGracePeriod(24)
                .build());
    
        }
    }
    
    resources:
      # Set the 2FA settings
      this:
        type: gitlab:ApplicationSettings
        properties:
          requireTwoFactorAuthentication: true
          twoFactorGracePeriod: 24
    

    Create ApplicationSettings Resource

    new ApplicationSettings(name: string, args?: ApplicationSettingsArgs, opts?: CustomResourceOptions);
    @overload
    def ApplicationSettings(resource_name: str,
                            opts: Optional[ResourceOptions] = None,
                            abuse_notification_email: Optional[str] = None,
                            admin_mode: Optional[bool] = None,
                            after_sign_out_path: Optional[str] = None,
                            after_sign_up_text: Optional[str] = None,
                            akismet_api_key: Optional[str] = None,
                            akismet_enabled: Optional[bool] = None,
                            allow_group_owners_to_manage_ldap: Optional[bool] = None,
                            allow_local_requests_from_system_hooks: Optional[bool] = None,
                            allow_local_requests_from_web_hooks_and_services: Optional[bool] = None,
                            archive_builds_in_human_readable: Optional[str] = None,
                            asset_proxy_allowlists: Optional[Sequence[str]] = None,
                            asset_proxy_enabled: Optional[bool] = None,
                            asset_proxy_secret_key: Optional[str] = None,
                            asset_proxy_url: Optional[str] = None,
                            authorized_keys_enabled: Optional[bool] = None,
                            auto_devops_domain: Optional[str] = None,
                            auto_devops_enabled: Optional[bool] = None,
                            automatic_purchased_storage_allocation: Optional[bool] = None,
                            can_create_group: Optional[bool] = None,
                            check_namespace_plan: Optional[bool] = None,
                            commit_email_hostname: Optional[str] = None,
                            container_expiration_policies_enable_historic_entries: Optional[bool] = None,
                            container_registry_cleanup_tags_service_max_list_size: Optional[int] = None,
                            container_registry_delete_tags_service_timeout: Optional[int] = None,
                            container_registry_expiration_policies_caching: Optional[bool] = None,
                            container_registry_expiration_policies_worker_capacity: Optional[int] = None,
                            container_registry_token_expire_delay: Optional[int] = None,
                            deactivate_dormant_users: Optional[bool] = None,
                            default_artifacts_expire_in: Optional[str] = None,
                            default_branch_name: Optional[str] = None,
                            default_branch_protection: Optional[int] = None,
                            default_ci_config_path: Optional[str] = None,
                            default_group_visibility: Optional[str] = None,
                            default_project_creation: Optional[int] = None,
                            default_project_visibility: Optional[str] = None,
                            default_projects_limit: Optional[int] = None,
                            default_snippet_visibility: Optional[str] = None,
                            delete_inactive_projects: Optional[bool] = None,
                            deletion_adjourned_period: Optional[int] = None,
                            diff_max_files: Optional[int] = None,
                            diff_max_lines: Optional[int] = None,
                            diff_max_patch_bytes: Optional[int] = None,
                            disable_feed_token: Optional[bool] = None,
                            disabled_oauth_sign_in_sources: Optional[Sequence[str]] = None,
                            dns_rebinding_protection_enabled: Optional[bool] = None,
                            domain_allowlists: Optional[Sequence[str]] = None,
                            domain_denylist_enabled: Optional[bool] = None,
                            domain_denylists: Optional[Sequence[str]] = None,
                            dsa_key_restriction: Optional[int] = None,
                            ecdsa_key_restriction: Optional[int] = None,
                            ecdsa_sk_key_restriction: Optional[int] = None,
                            ed25519_key_restriction: Optional[int] = None,
                            ed25519_sk_key_restriction: Optional[int] = None,
                            eks_access_key_id: Optional[str] = None,
                            eks_account_id: Optional[str] = None,
                            eks_integration_enabled: Optional[bool] = None,
                            eks_secret_access_key: Optional[str] = None,
                            elasticsearch_aws: Optional[bool] = None,
                            elasticsearch_aws_access_key: Optional[str] = None,
                            elasticsearch_aws_region: Optional[str] = None,
                            elasticsearch_aws_secret_access_key: Optional[str] = None,
                            elasticsearch_indexed_field_length_limit: Optional[int] = None,
                            elasticsearch_indexed_file_size_limit_kb: Optional[int] = None,
                            elasticsearch_indexing: Optional[bool] = None,
                            elasticsearch_limit_indexing: Optional[bool] = None,
                            elasticsearch_max_bulk_concurrency: Optional[int] = None,
                            elasticsearch_max_bulk_size_mb: Optional[int] = None,
                            elasticsearch_namespace_ids: Optional[Sequence[int]] = None,
                            elasticsearch_password: Optional[str] = None,
                            elasticsearch_project_ids: Optional[Sequence[int]] = None,
                            elasticsearch_search: Optional[bool] = None,
                            elasticsearch_urls: Optional[Sequence[str]] = None,
                            elasticsearch_username: Optional[str] = None,
                            email_additional_text: Optional[str] = None,
                            email_author_in_body: Optional[bool] = None,
                            enabled_git_access_protocol: Optional[str] = None,
                            enforce_namespace_storage_limit: Optional[bool] = None,
                            enforce_terms: Optional[bool] = None,
                            external_auth_client_cert: Optional[str] = None,
                            external_auth_client_key: Optional[str] = None,
                            external_auth_client_key_pass: Optional[str] = None,
                            external_authorization_service_default_label: Optional[str] = None,
                            external_authorization_service_enabled: Optional[bool] = None,
                            external_authorization_service_timeout: Optional[float] = None,
                            external_authorization_service_url: Optional[str] = None,
                            external_pipeline_validation_service_timeout: Optional[int] = None,
                            external_pipeline_validation_service_token: Optional[str] = None,
                            external_pipeline_validation_service_url: Optional[str] = None,
                            file_template_project_id: Optional[int] = None,
                            first_day_of_week: Optional[int] = None,
                            geo_node_allowed_ips: Optional[str] = None,
                            geo_status_timeout: Optional[int] = None,
                            git_rate_limit_users_allowlists: Optional[Sequence[str]] = None,
                            git_two_factor_session_expiry: Optional[int] = None,
                            gitaly_timeout_default: Optional[int] = None,
                            gitaly_timeout_fast: Optional[int] = None,
                            gitaly_timeout_medium: Optional[int] = None,
                            grafana_enabled: Optional[bool] = None,
                            grafana_url: Optional[str] = None,
                            gravatar_enabled: Optional[bool] = None,
                            group_owners_can_manage_default_branch_protection: Optional[bool] = None,
                            hashed_storage_enabled: Optional[bool] = None,
                            help_page_hide_commercial_content: Optional[bool] = None,
                            help_page_support_url: Optional[str] = None,
                            help_page_text: Optional[str] = None,
                            help_text: Optional[str] = None,
                            hide_third_party_offers: Optional[bool] = None,
                            home_page_url: Optional[str] = None,
                            housekeeping_enabled: Optional[bool] = None,
                            housekeeping_full_repack_period: Optional[int] = None,
                            housekeeping_gc_period: Optional[int] = None,
                            housekeeping_incremental_repack_period: Optional[int] = None,
                            housekeeping_optimize_repository_period: Optional[int] = None,
                            html_emails_enabled: Optional[bool] = None,
                            import_sources: Optional[Sequence[str]] = None,
                            in_product_marketing_emails_enabled: Optional[bool] = None,
                            inactive_projects_delete_after_months: Optional[int] = None,
                            inactive_projects_min_size_mb: Optional[int] = None,
                            inactive_projects_send_warning_email_after_months: Optional[int] = None,
                            invisible_captcha_enabled: Optional[bool] = None,
                            issues_create_limit: Optional[int] = None,
                            keep_latest_artifact: Optional[bool] = None,
                            local_markdown_version: Optional[int] = None,
                            mailgun_events_enabled: Optional[bool] = None,
                            mailgun_signing_key: Optional[str] = None,
                            maintenance_mode: Optional[bool] = None,
                            maintenance_mode_message: Optional[str] = None,
                            max_artifacts_size: Optional[int] = None,
                            max_attachment_size: Optional[int] = None,
                            max_export_size: Optional[int] = None,
                            max_import_size: Optional[int] = None,
                            max_number_of_repository_downloads: Optional[int] = None,
                            max_number_of_repository_downloads_within_time_period: Optional[int] = None,
                            max_pages_size: Optional[int] = None,
                            max_personal_access_token_lifetime: Optional[int] = None,
                            max_ssh_key_lifetime: Optional[int] = None,
                            metrics_method_call_threshold: Optional[int] = None,
                            mirror_available: Optional[bool] = None,
                            mirror_capacity_threshold: Optional[int] = None,
                            mirror_max_capacity: Optional[int] = None,
                            mirror_max_delay: Optional[int] = None,
                            npm_package_requests_forwarding: Optional[bool] = None,
                            outbound_local_requests_whitelists: Optional[Sequence[str]] = None,
                            package_registry_cleanup_policies_worker_capacity: Optional[int] = None,
                            pages_domain_verification_enabled: Optional[bool] = None,
                            password_authentication_enabled_for_git: Optional[bool] = None,
                            password_authentication_enabled_for_web: Optional[bool] = None,
                            password_lowercase_required: Optional[bool] = None,
                            password_number_required: Optional[bool] = None,
                            password_symbol_required: Optional[bool] = None,
                            password_uppercase_required: Optional[bool] = None,
                            performance_bar_allowed_group_path: Optional[str] = None,
                            personal_access_token_prefix: Optional[str] = None,
                            pipeline_limit_per_project_user_sha: Optional[int] = None,
                            plantuml_enabled: Optional[bool] = None,
                            plantuml_url: Optional[str] = None,
                            polling_interval_multiplier: Optional[float] = None,
                            project_export_enabled: Optional[bool] = None,
                            prometheus_metrics_enabled: Optional[bool] = None,
                            protected_ci_variables: Optional[bool] = None,
                            push_event_activities_limit: Optional[int] = None,
                            push_event_hooks_limit: Optional[int] = None,
                            pypi_package_requests_forwarding: Optional[bool] = None,
                            rate_limiting_response_text: Optional[str] = None,
                            raw_blob_request_limit: Optional[int] = None,
                            recaptcha_enabled: Optional[bool] = None,
                            recaptcha_private_key: Optional[str] = None,
                            recaptcha_site_key: Optional[str] = None,
                            receive_max_input_size: Optional[int] = None,
                            repository_checks_enabled: Optional[bool] = None,
                            repository_size_limit: Optional[int] = None,
                            repository_storages: Optional[Sequence[str]] = None,
                            repository_storages_weighted: Optional[Mapping[str, int]] = None,
                            require_admin_approval_after_user_signup: Optional[bool] = None,
                            require_two_factor_authentication: Optional[bool] = None,
                            restricted_visibility_levels: Optional[Sequence[str]] = None,
                            rsa_key_restriction: Optional[int] = None,
                            search_rate_limit: Optional[int] = None,
                            search_rate_limit_unauthenticated: Optional[int] = None,
                            send_user_confirmation_email: Optional[bool] = None,
                            session_expire_delay: Optional[int] = None,
                            shared_runners_enabled: Optional[bool] = None,
                            shared_runners_minutes: Optional[int] = None,
                            shared_runners_text: Optional[str] = None,
                            sidekiq_job_limiter_compression_threshold_bytes: Optional[int] = None,
                            sidekiq_job_limiter_limit_bytes: Optional[int] = None,
                            sidekiq_job_limiter_mode: Optional[str] = None,
                            sign_in_text: Optional[str] = None,
                            signup_enabled: Optional[bool] = None,
                            slack_app_enabled: Optional[bool] = None,
                            slack_app_id: Optional[str] = None,
                            slack_app_secret: Optional[str] = None,
                            slack_app_signing_secret: Optional[str] = None,
                            slack_app_verification_token: Optional[str] = None,
                            snippet_size_limit: Optional[int] = None,
                            snowplow_app_id: Optional[str] = None,
                            snowplow_collector_hostname: Optional[str] = None,
                            snowplow_cookie_domain: Optional[str] = None,
                            snowplow_enabled: Optional[bool] = None,
                            sourcegraph_enabled: Optional[bool] = None,
                            sourcegraph_public_only: Optional[bool] = None,
                            sourcegraph_url: Optional[str] = None,
                            spam_check_api_key: Optional[str] = None,
                            spam_check_endpoint_enabled: Optional[bool] = None,
                            spam_check_endpoint_url: Optional[str] = None,
                            suggest_pipeline_enabled: Optional[bool] = None,
                            terminal_max_session_time: Optional[int] = None,
                            terms: Optional[str] = None,
                            throttle_authenticated_api_enabled: Optional[bool] = None,
                            throttle_authenticated_api_period_in_seconds: Optional[int] = None,
                            throttle_authenticated_api_requests_per_period: Optional[int] = None,
                            throttle_authenticated_packages_api_enabled: Optional[bool] = None,
                            throttle_authenticated_packages_api_period_in_seconds: Optional[int] = None,
                            throttle_authenticated_packages_api_requests_per_period: Optional[int] = None,
                            throttle_authenticated_web_enabled: Optional[bool] = None,
                            throttle_authenticated_web_period_in_seconds: Optional[int] = None,
                            throttle_authenticated_web_requests_per_period: Optional[int] = None,
                            throttle_unauthenticated_api_enabled: Optional[bool] = None,
                            throttle_unauthenticated_api_period_in_seconds: Optional[int] = None,
                            throttle_unauthenticated_api_requests_per_period: Optional[int] = None,
                            throttle_unauthenticated_packages_api_enabled: Optional[bool] = None,
                            throttle_unauthenticated_packages_api_period_in_seconds: Optional[int] = None,
                            throttle_unauthenticated_packages_api_requests_per_period: Optional[int] = None,
                            throttle_unauthenticated_web_enabled: Optional[bool] = None,
                            throttle_unauthenticated_web_period_in_seconds: Optional[int] = None,
                            throttle_unauthenticated_web_requests_per_period: Optional[int] = None,
                            time_tracking_limit_to_hours: Optional[bool] = None,
                            two_factor_grace_period: Optional[int] = None,
                            unique_ips_limit_enabled: Optional[bool] = None,
                            unique_ips_limit_per_user: Optional[int] = None,
                            unique_ips_limit_time_window: Optional[int] = None,
                            usage_ping_enabled: Optional[bool] = None,
                            user_deactivation_emails_enabled: Optional[bool] = None,
                            user_default_external: Optional[bool] = None,
                            user_default_internal_regex: Optional[str] = None,
                            user_oauth_applications: Optional[bool] = None,
                            user_show_add_ssh_key_message: Optional[bool] = None,
                            version_check_enabled: Optional[bool] = None,
                            web_ide_clientside_preview_enabled: Optional[bool] = None,
                            whats_new_variant: Optional[str] = None,
                            wiki_page_max_content_bytes: Optional[int] = None)
    @overload
    def ApplicationSettings(resource_name: str,
                            args: Optional[ApplicationSettingsArgs] = None,
                            opts: Optional[ResourceOptions] = None)
    func NewApplicationSettings(ctx *Context, name string, args *ApplicationSettingsArgs, opts ...ResourceOption) (*ApplicationSettings, error)
    public ApplicationSettings(string name, ApplicationSettingsArgs? args = null, CustomResourceOptions? opts = null)
    public ApplicationSettings(String name, ApplicationSettingsArgs args)
    public ApplicationSettings(String name, ApplicationSettingsArgs args, CustomResourceOptions options)
    
    type: gitlab:ApplicationSettings
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args ApplicationSettingsArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ApplicationSettingsArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ApplicationSettingsArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ApplicationSettingsArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ApplicationSettingsArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    ApplicationSettings Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The ApplicationSettings resource accepts the following input properties:

    AbuseNotificationEmail string
    If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
    AdminMode bool
    Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
    AfterSignOutPath string
    Where to redirect users after logout.
    AfterSignUpText string
    Text shown to the user after signing up.
    AkismetApiKey string
    API key for Akismet spam protection.
    AkismetEnabled bool
    (If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
    AllowGroupOwnersToManageLdap bool
    Set to true to allow group owners to manage LDAP.
    AllowLocalRequestsFromSystemHooks bool
    Allow requests to the local network from system hooks.
    AllowLocalRequestsFromWebHooksAndServices bool
    Allow requests to the local network from web hooks and services.
    ArchiveBuildsInHumanReadable string
    Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
    AssetProxyAllowlists List<string>
    Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
    AssetProxyEnabled bool
    (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
    AssetProxySecretKey string
    Shared secret with the asset proxy server. GitLab restart is required to apply changes.
    AssetProxyUrl string
    URL of the asset proxy server. GitLab restart is required to apply changes.
    AuthorizedKeysEnabled bool
    By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
    AutoDevopsDomain string
    Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
    AutoDevopsEnabled bool
    Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
    AutomaticPurchasedStorageAllocation bool
    Enabling this permits automatic allocation of purchased storage in a namespace.
    CanCreateGroup bool
    Indicates whether users can create top-level groups. Introduced in GitLab 15.5.
    CheckNamespacePlan bool
    Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
    CommitEmailHostname string
    Custom hostname (for private commit emails).
    ContainerExpirationPoliciesEnableHistoricEntries bool
    Enable cleanup policies for all projects.
    ContainerRegistryCleanupTagsServiceMaxListSize int
    The maximum number of tags that can be deleted in a single execution of cleanup policies.
    ContainerRegistryDeleteTagsServiceTimeout int
    The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
    ContainerRegistryExpirationPoliciesCaching bool
    Caching during the execution of cleanup policies.
    ContainerRegistryExpirationPoliciesWorkerCapacity int
    Number of workers for cleanup policies.
    ContainerRegistryTokenExpireDelay int
    Container Registry token duration in minutes.
    DeactivateDormantUsers bool
    Enable automatic deactivation of dormant users.
    DefaultArtifactsExpireIn string
    Set the default expiration time for each job’s artifacts.
    DefaultBranchName string
    Instance-level custom initial branch name (introduced in GitLab 13.2).
    DefaultBranchProtection int
    Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
    DefaultCiConfigPath string
    Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
    DefaultGroupVisibility string
    What visibility level new groups receive. Can take private, internal and public as a parameter.
    DefaultProjectCreation int
    Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
    DefaultProjectVisibility string
    What visibility level new projects receive. Can take private, internal and public as a parameter.
    DefaultProjectsLimit int
    Project limit per user.
    DefaultSnippetVisibility string
    What visibility level new snippets receive. Can take private, internal and public as a parameter.
    DeleteInactiveProjects bool
    Enable inactive project deletion feature. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion).
    DeletionAdjournedPeriod int
    The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90.
    DiffMaxFiles int
    Maximum files in a diff.
    DiffMaxLines int
    Maximum lines in a diff.
    DiffMaxPatchBytes int
    Maximum diff patch size, in bytes.
    DisableFeedToken bool
    Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
    DisabledOauthSignInSources List<string>
    Disabled OAuth sign-in sources.
    DnsRebindingProtectionEnabled bool
    Enforce DNS rebinding attack protection.
    DomainAllowlists List<string>
    Force people to use only corporate emails for sign-up. Null means there is no restriction.
    DomainDenylistEnabled bool
    (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
    DomainDenylists List<string>
    Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
    DsaKeyRestriction int
    The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys.
    EcdsaKeyRestriction int
    The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys.
    EcdsaSkKeyRestriction int
    The minimum allowed curve size (in bits) of an uploaded ECDSASK key. 0 means no restriction. -1 disables ECDSASK keys.
    Ed25519KeyRestriction int
    The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys.
    Ed25519SkKeyRestriction int
    The minimum allowed curve size (in bits) of an uploaded ED25519SK key. 0 means no restriction. -1 disables ED25519SK keys.
    EksAccessKeyId string
    AWS IAM access key ID.
    EksAccountId string
    Amazon account ID.
    EksIntegrationEnabled bool
    Enable integration with Amazon EKS.
    EksSecretAccessKey string
    AWS IAM secret access key.
    ElasticsearchAws bool
    Enable the use of AWS hosted Elasticsearch.
    ElasticsearchAwsAccessKey string
    AWS IAM access key.
    ElasticsearchAwsRegion string
    The AWS region the Elasticsearch domain is configured.
    ElasticsearchAwsSecretAccessKey string
    AWS IAM secret access key.
    ElasticsearchIndexedFieldLengthLimit int
    Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
    ElasticsearchIndexedFileSizeLimitKb int
    Maximum size of repository and wiki files that are indexed by Elasticsearch.
    ElasticsearchIndexing bool
    Enable Elasticsearch indexing.
    ElasticsearchLimitIndexing bool
    Limit Elasticsearch to index certain namespaces and projects.
    ElasticsearchMaxBulkConcurrency int
    Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
    ElasticsearchMaxBulkSizeMb int
    Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
    ElasticsearchNamespaceIds List<int>
    The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
    ElasticsearchPassword string
    The password of your Elasticsearch instance.
    ElasticsearchProjectIds List<int>
    The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
    ElasticsearchSearch bool
    Enable Elasticsearch search.
    ElasticsearchUrls List<string>
    The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
    ElasticsearchUsername string
    The username of your Elasticsearch instance.
    EmailAdditionalText string
    Additional text added to the bottom of every email for legal/auditing/compliance reasons.
    EmailAuthorInBody bool
    Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
    EnabledGitAccessProtocol string
    Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
    EnforceNamespaceStorageLimit bool
    Enabling this permits enforcement of namespace storage limits.
    EnforceTerms bool
    (If enabled, requires: terms) Enforce application ToS to all users.
    ExternalAuthClientCert string
    (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
    ExternalAuthClientKey string
    Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
    ExternalAuthClientKeyPass string
    Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
    ExternalAuthorizationServiceDefaultLabel string
    The default classification label to use when requesting authorization and no classification label has been specified on the project.
    ExternalAuthorizationServiceEnabled bool
    (If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
    ExternalAuthorizationServiceTimeout double
    The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
    ExternalAuthorizationServiceUrl string
    URL to which authorization requests are directed.
    ExternalPipelineValidationServiceTimeout int
    How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
    ExternalPipelineValidationServiceToken string
    Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
    ExternalPipelineValidationServiceUrl string
    URL to use for pipeline validation requests.
    FileTemplateProjectId int
    The ID of a project to load custom file templates from.
    FirstDayOfWeek int
    Start day of the week for calendar views and date pickers. Valid values are 0 for Sunday, 1 for Monday, and 6 for Saturday.
    GeoNodeAllowedIps string
    Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
    GeoStatusTimeout int
    The amount of seconds after which a request to get a secondary node status times out.
    GitRateLimitUsersAllowlists List<string>
    List of usernames excluded from Git anti-abuse rate limits. Maximum: 100 usernames. Introduced in GitLab 15.2.
    GitTwoFactorSessionExpiry int
    Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
    GitalyTimeoutDefault int
    Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
    GitalyTimeoutFast int
    Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
    GitalyTimeoutMedium int
    Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
    GrafanaEnabled bool
    Enable Grafana.
    GrafanaUrl string
    Grafana URL.
    GravatarEnabled bool
    Enable Gravatar.
    GroupOwnersCanManageDefaultBranchProtection bool
    Prevent overrides of default branch protection.
    HashedStorageEnabled bool
    Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
    HelpPageHideCommercialContent bool
    Hide marketing-related entries from help.
    HelpPageSupportUrl string
    Alternate support URL for help page and help dropdown.
    HelpPageText string
    Custom text displayed on the help page.
    HelpText string
    GitLab server administrator information.
    HideThirdPartyOffers bool
    Do not display offers from third parties in GitLab.
    HomePageUrl string
    Redirect to this URL when not logged in.
    HousekeepingEnabled bool
    Enable or disable Git housekeeping. If enabled, requires either housekeepingoptimizerepositoryperiod OR housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod. Options housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod are deprecated. Use housekeepingoptimizerepositoryperiod instead.
    HousekeepingFullRepackPeriod int
    Number of Git pushes after which an incremental git repack is run.

    Deprecated:housekeeping_full_repack_period is deprecated. Use housekeeping_optimize_repository_period instead.

    HousekeepingGcPeriod int
    Number of Git pushes after which git gc is run.

    Deprecated:housekeeping_gc_period is deprecated. Use housekeeping_optimize_repository_period instead.

    HousekeepingIncrementalRepackPeriod int
    Number of Git pushes after which an incremental git repack is run.

    Deprecated:housekeeping_incremental_repack_period is deprecated. Use housekeeping_optimize_repository_period instead.

    HousekeepingOptimizeRepositoryPeriod int
    Number of Git pushes after which an incremental git repack is run.
    HtmlEmailsEnabled bool
    Enable HTML emails.
    ImportSources List<string>
    Sources to allow project import from. Valid values are: github, bitbucket, bitbucket_server, fogbugz, git, gitlab.Project, gitea, manifest
    InProductMarketingEmailsEnabled bool
    Enable in-product marketing emails.
    InactiveProjectsDeleteAfterMonths int
    If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    InactiveProjectsMinSizeMb int
    If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    InactiveProjectsSendWarningEmailAfterMonths int
    If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    InvisibleCaptchaEnabled bool
    Enable Invisible CAPTCHA spam detection during sign-up.
    IssuesCreateLimit int
    Max number of issue creation requests per minute per user.
    KeepLatestArtifact bool
    Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
    LocalMarkdownVersion int
    Increase this value when any cached Markdown should be invalidated.
    MailgunEventsEnabled bool
    Enable Mailgun event receiver.
    MailgunSigningKey string
    The Mailgun HTTP webhook signing key for receiving events from webhook.
    MaintenanceMode bool
    When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
    MaintenanceModeMessage string
    Message displayed when instance is in maintenance mode.
    MaxArtifactsSize int
    Maximum artifacts size in MB.
    MaxAttachmentSize int
    Limit attachment size in MB.
    MaxExportSize int
    Maximum export size in MB. 0 for unlimited.
    MaxImportSize int
    Maximum import size in MB. 0 for unlimited.
    MaxNumberOfRepositoryDownloads int
    Maximum number of unique repositories a user can download in the specified time period before they are banned. Maximum: 10,000 repositories. Introduced in GitLab 15.1.
    MaxNumberOfRepositoryDownloadsWithinTimePeriod int
    Reporting time period (in seconds). Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
    MaxPagesSize int
    Maximum size of pages repositories in MB.
    MaxPersonalAccessTokenLifetime int
    Maximum allowable lifetime for access tokens in days.
    MaxSshKeyLifetime int
    Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
    MetricsMethodCallThreshold int
    A method call is only tracked when it takes longer than the given amount of milliseconds.
    MirrorAvailable bool
    Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
    MirrorCapacityThreshold int
    Minimum capacity to be available before scheduling more mirrors preemptively.
    MirrorMaxCapacity int
    Maximum number of mirrors that can be synchronizing at the same time.
    MirrorMaxDelay int
    Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
    NpmPackageRequestsForwarding bool
    Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
    OutboundLocalRequestsWhitelists List<string>
    Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
    PackageRegistryCleanupPoliciesWorkerCapacity int
    Number of workers assigned to the packages cleanup policies.
    PagesDomainVerificationEnabled bool
    Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
    PasswordAuthenticationEnabledForGit bool
    Enable authentication for Git over HTTP(S) via a GitLab account password.
    PasswordAuthenticationEnabledForWeb bool
    Enable authentication for the web interface via a GitLab account password.
    PasswordLowercaseRequired bool
    Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
    PasswordNumberRequired bool
    Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
    PasswordSymbolRequired bool
    Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
    PasswordUppercaseRequired bool
    Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
    PerformanceBarAllowedGroupPath string
    Path of the group that is allowed to toggle the performance bar.
    PersonalAccessTokenPrefix string
    Prefix for all generated personal access tokens.
    PipelineLimitPerProjectUserSha int
    Maximum number of pipeline creation requests per minute per user and commit.
    PlantumlEnabled bool
    (If enabled, requires: plantuml_url) Enable PlantUML integration.
    PlantumlUrl string
    The PlantUML instance URL for integration.
    PollingIntervalMultiplier double
    Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
    ProjectExportEnabled bool
    Enable project export.
    PrometheusMetricsEnabled bool
    Enable Prometheus metrics.
    ProtectedCiVariables bool
    CI/CD variables are protected by default.
    PushEventActivitiesLimit int
    Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
    PushEventHooksLimit int
    Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
    PypiPackageRequestsForwarding bool
    Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
    RateLimitingResponseText string
    When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
    RawBlobRequestLimit int
    Max number of requests per minute for each raw path. To disable throttling set to 0.
    RecaptchaEnabled bool
    (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
    RecaptchaPrivateKey string
    Private key for reCAPTCHA.
    RecaptchaSiteKey string
    Site key for reCAPTCHA.
    ReceiveMaxInputSize int
    Maximum push size (MB).
    RepositoryChecksEnabled bool
    GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
    RepositorySizeLimit int
    Size limit per repository (MB).
    RepositoryStorages List<string>
    (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
    RepositoryStoragesWeighted Dictionary<string, int>
    (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
    RequireAdminApprovalAfterUserSignup bool
    When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
    RequireTwoFactorAuthentication bool
    (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
    RestrictedVisibilityLevels List<string>
    Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Null means there is no restriction.
    RsaKeyRestriction int
    The minimum allowed bit length of an uploaded RSA key. 0 means no restriction. -1 disables RSA keys.
    SearchRateLimit int
    Max number of requests per minute for performing a search while authenticated. To disable throttling set to 0.
    SearchRateLimitUnauthenticated int
    Max number of requests per minute for performing a search while unauthenticated. To disable throttling set to 0.
    SendUserConfirmationEmail bool
    Send confirmation email on sign-up.
    SessionExpireDelay int
    Session duration in minutes. GitLab restart is required to apply changes.
    SharedRunnersEnabled bool
    (If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
    SharedRunnersMinutes int
    Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
    SharedRunnersText string
    Shared runners text.
    SidekiqJobLimiterCompressionThresholdBytes int
    The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis.
    SidekiqJobLimiterLimitBytes int
    The threshold in bytes at which Sidekiq jobs are rejected. 0 means do not reject any job.
    SidekiqJobLimiterMode string
    track or compress. Sets the behavior for Sidekiq job size limits.
    SignInText string
    Text on the login page.
    SignupEnabled bool
    Enable registration.
    SlackAppEnabled bool
    (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
    SlackAppId string
    The app ID of the Slack-app.
    SlackAppSecret string
    The app secret of the Slack-app.
    SlackAppSigningSecret string
    The signing secret of the Slack-app.
    SlackAppVerificationToken string
    The verification token of the Slack-app.
    SnippetSizeLimit int
    Max snippet content size in bytes.
    SnowplowAppId string
    The Snowplow site name / application ID. (for example, gitlab)
    SnowplowCollectorHostname string
    The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
    SnowplowCookieDomain string
    The Snowplow cookie domain. (for example, .gitlab.com)
    SnowplowEnabled bool
    Enable snowplow tracking.
    SourcegraphEnabled bool
    Enables Sourcegraph integration. If enabled, requires sourcegraph_url.
    SourcegraphPublicOnly bool
    Blocks Sourcegraph from being loaded on private and internal projects.
    SourcegraphUrl string
    The Sourcegraph instance URL for integration.
    SpamCheckApiKey string
    API key used by GitLab for accessing the Spam Check service endpoint.
    SpamCheckEndpointEnabled bool
    Enables spam checking using external Spam Check API endpoint.
    SpamCheckEndpointUrl string
    URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
    SuggestPipelineEnabled bool
    Enable pipeline suggestion banner.
    TerminalMaxSessionTime int
    Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
    Terms string
    (Required by: enforce_terms) Markdown content for the ToS.
    ThrottleAuthenticatedApiEnabled bool
    (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    ThrottleAuthenticatedApiPeriodInSeconds int
    Rate limit period (in seconds).
    ThrottleAuthenticatedApiRequestsPerPeriod int
    Maximum requests per period per user.
    ThrottleAuthenticatedPackagesApiEnabled bool
    (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
    ThrottleAuthenticatedPackagesApiPeriodInSeconds int
    Rate limit period (in seconds). View Package Registry rate limits for more details.
    ThrottleAuthenticatedPackagesApiRequestsPerPeriod int
    Maximum requests per period per user. View Package Registry rate limits for more details.
    ThrottleAuthenticatedWebEnabled bool
    (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    ThrottleAuthenticatedWebPeriodInSeconds int
    Rate limit period (in seconds).
    ThrottleAuthenticatedWebRequestsPerPeriod int
    Maximum requests per period per user.
    ThrottleUnauthenticatedApiEnabled bool
    (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    ThrottleUnauthenticatedApiPeriodInSeconds int
    Rate limit period in seconds.
    ThrottleUnauthenticatedApiRequestsPerPeriod int
    Max requests per period per IP.
    ThrottleUnauthenticatedPackagesApiEnabled bool
    (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
    ThrottleUnauthenticatedPackagesApiPeriodInSeconds int
    Rate limit period (in seconds). View Package Registry rate limits for more details.
    ThrottleUnauthenticatedPackagesApiRequestsPerPeriod int
    Maximum requests per period per user. View Package Registry rate limits for more details.
    ThrottleUnauthenticatedWebEnabled bool
    (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    ThrottleUnauthenticatedWebPeriodInSeconds int
    Rate limit period in seconds.
    ThrottleUnauthenticatedWebRequestsPerPeriod int
    Max requests per period per IP.
    TimeTrackingLimitToHours bool
    Limit display of time tracking units to hours.
    TwoFactorGracePeriod int
    Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
    UniqueIpsLimitEnabled bool
    (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
    UniqueIpsLimitPerUser int
    Maximum number of IPs per user.
    UniqueIpsLimitTimeWindow int
    How many seconds an IP is counted towards the limit.
    UsagePingEnabled bool
    Every week GitLab reports license usage back to GitLab, Inc.
    UserDeactivationEmailsEnabled bool
    Send an email to users upon account deactivation.
    UserDefaultExternal bool
    Newly registered users are external by default.
    UserDefaultInternalRegex string
    Specify an email address regex pattern to identify default internal users.
    UserOauthApplications bool
    Allow users to register any application to use GitLab as an OAuth provider.
    UserShowAddSshKeyMessage bool
    When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
    VersionCheckEnabled bool
    Let GitLab inform you when an update is available.
    WebIdeClientsidePreviewEnabled bool
    Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
    WhatsNewVariant string
    What’s new variant, possible values: alltiers, currenttier, and disabled.
    WikiPageMaxContentBytes int
    Maximum wiki page content size in bytes. The minimum value is 1024 bytes.
    AbuseNotificationEmail string
    If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
    AdminMode bool
    Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
    AfterSignOutPath string
    Where to redirect users after logout.
    AfterSignUpText string
    Text shown to the user after signing up.
    AkismetApiKey string
    API key for Akismet spam protection.
    AkismetEnabled bool
    (If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
    AllowGroupOwnersToManageLdap bool
    Set to true to allow group owners to manage LDAP.
    AllowLocalRequestsFromSystemHooks bool
    Allow requests to the local network from system hooks.
    AllowLocalRequestsFromWebHooksAndServices bool
    Allow requests to the local network from web hooks and services.
    ArchiveBuildsInHumanReadable string
    Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
    AssetProxyAllowlists []string
    Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
    AssetProxyEnabled bool
    (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
    AssetProxySecretKey string
    Shared secret with the asset proxy server. GitLab restart is required to apply changes.
    AssetProxyUrl string
    URL of the asset proxy server. GitLab restart is required to apply changes.
    AuthorizedKeysEnabled bool
    By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
    AutoDevopsDomain string
    Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
    AutoDevopsEnabled bool
    Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
    AutomaticPurchasedStorageAllocation bool
    Enabling this permits automatic allocation of purchased storage in a namespace.
    CanCreateGroup bool
    Indicates whether users can create top-level groups. Introduced in GitLab 15.5.
    CheckNamespacePlan bool
    Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
    CommitEmailHostname string
    Custom hostname (for private commit emails).
    ContainerExpirationPoliciesEnableHistoricEntries bool
    Enable cleanup policies for all projects.
    ContainerRegistryCleanupTagsServiceMaxListSize int
    The maximum number of tags that can be deleted in a single execution of cleanup policies.
    ContainerRegistryDeleteTagsServiceTimeout int
    The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
    ContainerRegistryExpirationPoliciesCaching bool
    Caching during the execution of cleanup policies.
    ContainerRegistryExpirationPoliciesWorkerCapacity int
    Number of workers for cleanup policies.
    ContainerRegistryTokenExpireDelay int
    Container Registry token duration in minutes.
    DeactivateDormantUsers bool
    Enable automatic deactivation of dormant users.
    DefaultArtifactsExpireIn string
    Set the default expiration time for each job’s artifacts.
    DefaultBranchName string
    Instance-level custom initial branch name (introduced in GitLab 13.2).
    DefaultBranchProtection int
    Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
    DefaultCiConfigPath string
    Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
    DefaultGroupVisibility string
    What visibility level new groups receive. Can take private, internal and public as a parameter.
    DefaultProjectCreation int
    Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
    DefaultProjectVisibility string
    What visibility level new projects receive. Can take private, internal and public as a parameter.
    DefaultProjectsLimit int
    Project limit per user.
    DefaultSnippetVisibility string
    What visibility level new snippets receive. Can take private, internal and public as a parameter.
    DeleteInactiveProjects bool
    Enable inactive project deletion feature. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion).
    DeletionAdjournedPeriod int
    The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90.
    DiffMaxFiles int
    Maximum files in a diff.
    DiffMaxLines int
    Maximum lines in a diff.
    DiffMaxPatchBytes int
    Maximum diff patch size, in bytes.
    DisableFeedToken bool
    Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
    DisabledOauthSignInSources []string
    Disabled OAuth sign-in sources.
    DnsRebindingProtectionEnabled bool
    Enforce DNS rebinding attack protection.
    DomainAllowlists []string
    Force people to use only corporate emails for sign-up. Null means there is no restriction.
    DomainDenylistEnabled bool
    (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
    DomainDenylists []string
    Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
    DsaKeyRestriction int
    The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys.
    EcdsaKeyRestriction int
    The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys.
    EcdsaSkKeyRestriction int
    The minimum allowed curve size (in bits) of an uploaded ECDSASK key. 0 means no restriction. -1 disables ECDSASK keys.
    Ed25519KeyRestriction int
    The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys.
    Ed25519SkKeyRestriction int
    The minimum allowed curve size (in bits) of an uploaded ED25519SK key. 0 means no restriction. -1 disables ED25519SK keys.
    EksAccessKeyId string
    AWS IAM access key ID.
    EksAccountId string
    Amazon account ID.
    EksIntegrationEnabled bool
    Enable integration with Amazon EKS.
    EksSecretAccessKey string
    AWS IAM secret access key.
    ElasticsearchAws bool
    Enable the use of AWS hosted Elasticsearch.
    ElasticsearchAwsAccessKey string
    AWS IAM access key.
    ElasticsearchAwsRegion string
    The AWS region the Elasticsearch domain is configured.
    ElasticsearchAwsSecretAccessKey string
    AWS IAM secret access key.
    ElasticsearchIndexedFieldLengthLimit int
    Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
    ElasticsearchIndexedFileSizeLimitKb int
    Maximum size of repository and wiki files that are indexed by Elasticsearch.
    ElasticsearchIndexing bool
    Enable Elasticsearch indexing.
    ElasticsearchLimitIndexing bool
    Limit Elasticsearch to index certain namespaces and projects.
    ElasticsearchMaxBulkConcurrency int
    Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
    ElasticsearchMaxBulkSizeMb int
    Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
    ElasticsearchNamespaceIds []int
    The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
    ElasticsearchPassword string
    The password of your Elasticsearch instance.
    ElasticsearchProjectIds []int
    The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
    ElasticsearchSearch bool
    Enable Elasticsearch search.
    ElasticsearchUrls []string
    The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
    ElasticsearchUsername string
    The username of your Elasticsearch instance.
    EmailAdditionalText string
    Additional text added to the bottom of every email for legal/auditing/compliance reasons.
    EmailAuthorInBody bool
    Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
    EnabledGitAccessProtocol string
    Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
    EnforceNamespaceStorageLimit bool
    Enabling this permits enforcement of namespace storage limits.
    EnforceTerms bool
    (If enabled, requires: terms) Enforce application ToS to all users.
    ExternalAuthClientCert string
    (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
    ExternalAuthClientKey string
    Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
    ExternalAuthClientKeyPass string
    Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
    ExternalAuthorizationServiceDefaultLabel string
    The default classification label to use when requesting authorization and no classification label has been specified on the project.
    ExternalAuthorizationServiceEnabled bool
    (If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
    ExternalAuthorizationServiceTimeout float64
    The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
    ExternalAuthorizationServiceUrl string
    URL to which authorization requests are directed.
    ExternalPipelineValidationServiceTimeout int
    How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
    ExternalPipelineValidationServiceToken string
    Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
    ExternalPipelineValidationServiceUrl string
    URL to use for pipeline validation requests.
    FileTemplateProjectId int
    The ID of a project to load custom file templates from.
    FirstDayOfWeek int
    Start day of the week for calendar views and date pickers. Valid values are 0 for Sunday, 1 for Monday, and 6 for Saturday.
    GeoNodeAllowedIps string
    Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
    GeoStatusTimeout int
    The amount of seconds after which a request to get a secondary node status times out.
    GitRateLimitUsersAllowlists []string
    List of usernames excluded from Git anti-abuse rate limits. Maximum: 100 usernames. Introduced in GitLab 15.2.
    GitTwoFactorSessionExpiry int
    Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
    GitalyTimeoutDefault int
    Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
    GitalyTimeoutFast int
    Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
    GitalyTimeoutMedium int
    Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
    GrafanaEnabled bool
    Enable Grafana.
    GrafanaUrl string
    Grafana URL.
    GravatarEnabled bool
    Enable Gravatar.
    GroupOwnersCanManageDefaultBranchProtection bool
    Prevent overrides of default branch protection.
    HashedStorageEnabled bool
    Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
    HelpPageHideCommercialContent bool
    Hide marketing-related entries from help.
    HelpPageSupportUrl string
    Alternate support URL for help page and help dropdown.
    HelpPageText string
    Custom text displayed on the help page.
    HelpText string
    GitLab server administrator information.
    HideThirdPartyOffers bool
    Do not display offers from third parties in GitLab.
    HomePageUrl string
    Redirect to this URL when not logged in.
    HousekeepingEnabled bool
    Enable or disable Git housekeeping. If enabled, requires either housekeepingoptimizerepositoryperiod OR housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod. Options housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod are deprecated. Use housekeepingoptimizerepositoryperiod instead.
    HousekeepingFullRepackPeriod int
    Number of Git pushes after which an incremental git repack is run.

    Deprecated:housekeeping_full_repack_period is deprecated. Use housekeeping_optimize_repository_period instead.

    HousekeepingGcPeriod int
    Number of Git pushes after which git gc is run.

    Deprecated:housekeeping_gc_period is deprecated. Use housekeeping_optimize_repository_period instead.

    HousekeepingIncrementalRepackPeriod int
    Number of Git pushes after which an incremental git repack is run.

    Deprecated:housekeeping_incremental_repack_period is deprecated. Use housekeeping_optimize_repository_period instead.

    HousekeepingOptimizeRepositoryPeriod int
    Number of Git pushes after which an incremental git repack is run.
    HtmlEmailsEnabled bool
    Enable HTML emails.
    ImportSources []string
    Sources to allow project import from. Valid values are: github, bitbucket, bitbucket_server, fogbugz, git, gitlab.Project, gitea, manifest
    InProductMarketingEmailsEnabled bool
    Enable in-product marketing emails.
    InactiveProjectsDeleteAfterMonths int
    If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    InactiveProjectsMinSizeMb int
    If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    InactiveProjectsSendWarningEmailAfterMonths int
    If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    InvisibleCaptchaEnabled bool
    Enable Invisible CAPTCHA spam detection during sign-up.
    IssuesCreateLimit int
    Max number of issue creation requests per minute per user.
    KeepLatestArtifact bool
    Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
    LocalMarkdownVersion int
    Increase this value when any cached Markdown should be invalidated.
    MailgunEventsEnabled bool
    Enable Mailgun event receiver.
    MailgunSigningKey string
    The Mailgun HTTP webhook signing key for receiving events from webhook.
    MaintenanceMode bool
    When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
    MaintenanceModeMessage string
    Message displayed when instance is in maintenance mode.
    MaxArtifactsSize int
    Maximum artifacts size in MB.
    MaxAttachmentSize int
    Limit attachment size in MB.
    MaxExportSize int
    Maximum export size in MB. 0 for unlimited.
    MaxImportSize int
    Maximum import size in MB. 0 for unlimited.
    MaxNumberOfRepositoryDownloads int
    Maximum number of unique repositories a user can download in the specified time period before they are banned. Maximum: 10,000 repositories. Introduced in GitLab 15.1.
    MaxNumberOfRepositoryDownloadsWithinTimePeriod int
    Reporting time period (in seconds). Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
    MaxPagesSize int
    Maximum size of pages repositories in MB.
    MaxPersonalAccessTokenLifetime int
    Maximum allowable lifetime for access tokens in days.
    MaxSshKeyLifetime int
    Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
    MetricsMethodCallThreshold int
    A method call is only tracked when it takes longer than the given amount of milliseconds.
    MirrorAvailable bool
    Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
    MirrorCapacityThreshold int
    Minimum capacity to be available before scheduling more mirrors preemptively.
    MirrorMaxCapacity int
    Maximum number of mirrors that can be synchronizing at the same time.
    MirrorMaxDelay int
    Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
    NpmPackageRequestsForwarding bool
    Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
    OutboundLocalRequestsWhitelists []string
    Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
    PackageRegistryCleanupPoliciesWorkerCapacity int
    Number of workers assigned to the packages cleanup policies.
    PagesDomainVerificationEnabled bool
    Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
    PasswordAuthenticationEnabledForGit bool
    Enable authentication for Git over HTTP(S) via a GitLab account password.
    PasswordAuthenticationEnabledForWeb bool
    Enable authentication for the web interface via a GitLab account password.
    PasswordLowercaseRequired bool
    Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
    PasswordNumberRequired bool
    Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
    PasswordSymbolRequired bool
    Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
    PasswordUppercaseRequired bool
    Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
    PerformanceBarAllowedGroupPath string
    Path of the group that is allowed to toggle the performance bar.
    PersonalAccessTokenPrefix string
    Prefix for all generated personal access tokens.
    PipelineLimitPerProjectUserSha int
    Maximum number of pipeline creation requests per minute per user and commit.
    PlantumlEnabled bool
    (If enabled, requires: plantuml_url) Enable PlantUML integration.
    PlantumlUrl string
    The PlantUML instance URL for integration.
    PollingIntervalMultiplier float64
    Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
    ProjectExportEnabled bool
    Enable project export.
    PrometheusMetricsEnabled bool
    Enable Prometheus metrics.
    ProtectedCiVariables bool
    CI/CD variables are protected by default.
    PushEventActivitiesLimit int
    Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
    PushEventHooksLimit int
    Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
    PypiPackageRequestsForwarding bool
    Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
    RateLimitingResponseText string
    When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
    RawBlobRequestLimit int
    Max number of requests per minute for each raw path. To disable throttling set to 0.
    RecaptchaEnabled bool
    (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
    RecaptchaPrivateKey string
    Private key for reCAPTCHA.
    RecaptchaSiteKey string
    Site key for reCAPTCHA.
    ReceiveMaxInputSize int
    Maximum push size (MB).
    RepositoryChecksEnabled bool
    GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
    RepositorySizeLimit int
    Size limit per repository (MB).
    RepositoryStorages []string
    (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
    RepositoryStoragesWeighted map[string]int
    (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
    RequireAdminApprovalAfterUserSignup bool
    When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
    RequireTwoFactorAuthentication bool
    (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
    RestrictedVisibilityLevels []string
    Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Null means there is no restriction.
    RsaKeyRestriction int
    The minimum allowed bit length of an uploaded RSA key. 0 means no restriction. -1 disables RSA keys.
    SearchRateLimit int
    Max number of requests per minute for performing a search while authenticated. To disable throttling set to 0.
    SearchRateLimitUnauthenticated int
    Max number of requests per minute for performing a search while unauthenticated. To disable throttling set to 0.
    SendUserConfirmationEmail bool
    Send confirmation email on sign-up.
    SessionExpireDelay int
    Session duration in minutes. GitLab restart is required to apply changes.
    SharedRunnersEnabled bool
    (If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
    SharedRunnersMinutes int
    Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
    SharedRunnersText string
    Shared runners text.
    SidekiqJobLimiterCompressionThresholdBytes int
    The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis.
    SidekiqJobLimiterLimitBytes int
    The threshold in bytes at which Sidekiq jobs are rejected. 0 means do not reject any job.
    SidekiqJobLimiterMode string
    track or compress. Sets the behavior for Sidekiq job size limits.
    SignInText string
    Text on the login page.
    SignupEnabled bool
    Enable registration.
    SlackAppEnabled bool
    (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
    SlackAppId string
    The app ID of the Slack-app.
    SlackAppSecret string
    The app secret of the Slack-app.
    SlackAppSigningSecret string
    The signing secret of the Slack-app.
    SlackAppVerificationToken string
    The verification token of the Slack-app.
    SnippetSizeLimit int
    Max snippet content size in bytes.
    SnowplowAppId string
    The Snowplow site name / application ID. (for example, gitlab)
    SnowplowCollectorHostname string
    The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
    SnowplowCookieDomain string
    The Snowplow cookie domain. (for example, .gitlab.com)
    SnowplowEnabled bool
    Enable snowplow tracking.
    SourcegraphEnabled bool
    Enables Sourcegraph integration. If enabled, requires sourcegraph_url.
    SourcegraphPublicOnly bool
    Blocks Sourcegraph from being loaded on private and internal projects.
    SourcegraphUrl string
    The Sourcegraph instance URL for integration.
    SpamCheckApiKey string
    API key used by GitLab for accessing the Spam Check service endpoint.
    SpamCheckEndpointEnabled bool
    Enables spam checking using external Spam Check API endpoint.
    SpamCheckEndpointUrl string
    URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
    SuggestPipelineEnabled bool
    Enable pipeline suggestion banner.
    TerminalMaxSessionTime int
    Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
    Terms string
    (Required by: enforce_terms) Markdown content for the ToS.
    ThrottleAuthenticatedApiEnabled bool
    (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    ThrottleAuthenticatedApiPeriodInSeconds int
    Rate limit period (in seconds).
    ThrottleAuthenticatedApiRequestsPerPeriod int
    Maximum requests per period per user.
    ThrottleAuthenticatedPackagesApiEnabled bool
    (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
    ThrottleAuthenticatedPackagesApiPeriodInSeconds int
    Rate limit period (in seconds). View Package Registry rate limits for more details.
    ThrottleAuthenticatedPackagesApiRequestsPerPeriod int
    Maximum requests per period per user. View Package Registry rate limits for more details.
    ThrottleAuthenticatedWebEnabled bool
    (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    ThrottleAuthenticatedWebPeriodInSeconds int
    Rate limit period (in seconds).
    ThrottleAuthenticatedWebRequestsPerPeriod int
    Maximum requests per period per user.
    ThrottleUnauthenticatedApiEnabled bool
    (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    ThrottleUnauthenticatedApiPeriodInSeconds int
    Rate limit period in seconds.
    ThrottleUnauthenticatedApiRequestsPerPeriod int
    Max requests per period per IP.
    ThrottleUnauthenticatedPackagesApiEnabled bool
    (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
    ThrottleUnauthenticatedPackagesApiPeriodInSeconds int
    Rate limit period (in seconds). View Package Registry rate limits for more details.
    ThrottleUnauthenticatedPackagesApiRequestsPerPeriod int
    Maximum requests per period per user. View Package Registry rate limits for more details.
    ThrottleUnauthenticatedWebEnabled bool
    (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    ThrottleUnauthenticatedWebPeriodInSeconds int
    Rate limit period in seconds.
    ThrottleUnauthenticatedWebRequestsPerPeriod int
    Max requests per period per IP.
    TimeTrackingLimitToHours bool
    Limit display of time tracking units to hours.
    TwoFactorGracePeriod int
    Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
    UniqueIpsLimitEnabled bool
    (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
    UniqueIpsLimitPerUser int
    Maximum number of IPs per user.
    UniqueIpsLimitTimeWindow int
    How many seconds an IP is counted towards the limit.
    UsagePingEnabled bool
    Every week GitLab reports license usage back to GitLab, Inc.
    UserDeactivationEmailsEnabled bool
    Send an email to users upon account deactivation.
    UserDefaultExternal bool
    Newly registered users are external by default.
    UserDefaultInternalRegex string
    Specify an email address regex pattern to identify default internal users.
    UserOauthApplications bool
    Allow users to register any application to use GitLab as an OAuth provider.
    UserShowAddSshKeyMessage bool
    When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
    VersionCheckEnabled bool
    Let GitLab inform you when an update is available.
    WebIdeClientsidePreviewEnabled bool
    Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
    WhatsNewVariant string
    What’s new variant, possible values: alltiers, currenttier, and disabled.
    WikiPageMaxContentBytes int
    Maximum wiki page content size in bytes. The minimum value is 1024 bytes.
    abuseNotificationEmail String
    If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
    adminMode Boolean
    Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
    afterSignOutPath String
    Where to redirect users after logout.
    afterSignUpText String
    Text shown to the user after signing up.
    akismetApiKey String
    API key for Akismet spam protection.
    akismetEnabled Boolean
    (If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
    allowGroupOwnersToManageLdap Boolean
    Set to true to allow group owners to manage LDAP.
    allowLocalRequestsFromSystemHooks Boolean
    Allow requests to the local network from system hooks.
    allowLocalRequestsFromWebHooksAndServices Boolean
    Allow requests to the local network from web hooks and services.
    archiveBuildsInHumanReadable String
    Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
    assetProxyAllowlists List<String>
    Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
    assetProxyEnabled Boolean
    (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
    assetProxySecretKey String
    Shared secret with the asset proxy server. GitLab restart is required to apply changes.
    assetProxyUrl String
    URL of the asset proxy server. GitLab restart is required to apply changes.
    authorizedKeysEnabled Boolean
    By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
    autoDevopsDomain String
    Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
    autoDevopsEnabled Boolean
    Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
    automaticPurchasedStorageAllocation Boolean
    Enabling this permits automatic allocation of purchased storage in a namespace.
    canCreateGroup Boolean
    Indicates whether users can create top-level groups. Introduced in GitLab 15.5.
    checkNamespacePlan Boolean
    Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
    commitEmailHostname String
    Custom hostname (for private commit emails).
    containerExpirationPoliciesEnableHistoricEntries Boolean
    Enable cleanup policies for all projects.
    containerRegistryCleanupTagsServiceMaxListSize Integer
    The maximum number of tags that can be deleted in a single execution of cleanup policies.
    containerRegistryDeleteTagsServiceTimeout Integer
    The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
    containerRegistryExpirationPoliciesCaching Boolean
    Caching during the execution of cleanup policies.
    containerRegistryExpirationPoliciesWorkerCapacity Integer
    Number of workers for cleanup policies.
    containerRegistryTokenExpireDelay Integer
    Container Registry token duration in minutes.
    deactivateDormantUsers Boolean
    Enable automatic deactivation of dormant users.
    defaultArtifactsExpireIn String
    Set the default expiration time for each job’s artifacts.
    defaultBranchName String
    Instance-level custom initial branch name (introduced in GitLab 13.2).
    defaultBranchProtection Integer
    Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
    defaultCiConfigPath String
    Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
    defaultGroupVisibility String
    What visibility level new groups receive. Can take private, internal and public as a parameter.
    defaultProjectCreation Integer
    Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
    defaultProjectVisibility String
    What visibility level new projects receive. Can take private, internal and public as a parameter.
    defaultProjectsLimit Integer
    Project limit per user.
    defaultSnippetVisibility String
    What visibility level new snippets receive. Can take private, internal and public as a parameter.
    deleteInactiveProjects Boolean
    Enable inactive project deletion feature. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion).
    deletionAdjournedPeriod Integer
    The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90.
    diffMaxFiles Integer
    Maximum files in a diff.
    diffMaxLines Integer
    Maximum lines in a diff.
    diffMaxPatchBytes Integer
    Maximum diff patch size, in bytes.
    disableFeedToken Boolean
    Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
    disabledOauthSignInSources List<String>
    Disabled OAuth sign-in sources.
    dnsRebindingProtectionEnabled Boolean
    Enforce DNS rebinding attack protection.
    domainAllowlists List<String>
    Force people to use only corporate emails for sign-up. Null means there is no restriction.
    domainDenylistEnabled Boolean
    (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
    domainDenylists List<String>
    Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
    dsaKeyRestriction Integer
    The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys.
    ecdsaKeyRestriction Integer
    The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys.
    ecdsaSkKeyRestriction Integer
    The minimum allowed curve size (in bits) of an uploaded ECDSASK key. 0 means no restriction. -1 disables ECDSASK keys.
    ed25519KeyRestriction Integer
    The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys.
    ed25519SkKeyRestriction Integer
    The minimum allowed curve size (in bits) of an uploaded ED25519SK key. 0 means no restriction. -1 disables ED25519SK keys.
    eksAccessKeyId String
    AWS IAM access key ID.
    eksAccountId String
    Amazon account ID.
    eksIntegrationEnabled Boolean
    Enable integration with Amazon EKS.
    eksSecretAccessKey String
    AWS IAM secret access key.
    elasticsearchAws Boolean
    Enable the use of AWS hosted Elasticsearch.
    elasticsearchAwsAccessKey String
    AWS IAM access key.
    elasticsearchAwsRegion String
    The AWS region the Elasticsearch domain is configured.
    elasticsearchAwsSecretAccessKey String
    AWS IAM secret access key.
    elasticsearchIndexedFieldLengthLimit Integer
    Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
    elasticsearchIndexedFileSizeLimitKb Integer
    Maximum size of repository and wiki files that are indexed by Elasticsearch.
    elasticsearchIndexing Boolean
    Enable Elasticsearch indexing.
    elasticsearchLimitIndexing Boolean
    Limit Elasticsearch to index certain namespaces and projects.
    elasticsearchMaxBulkConcurrency Integer
    Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
    elasticsearchMaxBulkSizeMb Integer
    Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
    elasticsearchNamespaceIds List<Integer>
    The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
    elasticsearchPassword String
    The password of your Elasticsearch instance.
    elasticsearchProjectIds List<Integer>
    The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
    elasticsearchSearch Boolean
    Enable Elasticsearch search.
    elasticsearchUrls List<String>
    The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
    elasticsearchUsername String
    The username of your Elasticsearch instance.
    emailAdditionalText String
    Additional text added to the bottom of every email for legal/auditing/compliance reasons.
    emailAuthorInBody Boolean
    Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
    enabledGitAccessProtocol String
    Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
    enforceNamespaceStorageLimit Boolean
    Enabling this permits enforcement of namespace storage limits.
    enforceTerms Boolean
    (If enabled, requires: terms) Enforce application ToS to all users.
    externalAuthClientCert String
    (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
    externalAuthClientKey String
    Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
    externalAuthClientKeyPass String
    Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
    externalAuthorizationServiceDefaultLabel String
    The default classification label to use when requesting authorization and no classification label has been specified on the project.
    externalAuthorizationServiceEnabled Boolean
    (If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
    externalAuthorizationServiceTimeout Double
    The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
    externalAuthorizationServiceUrl String
    URL to which authorization requests are directed.
    externalPipelineValidationServiceTimeout Integer
    How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
    externalPipelineValidationServiceToken String
    Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
    externalPipelineValidationServiceUrl String
    URL to use for pipeline validation requests.
    fileTemplateProjectId Integer
    The ID of a project to load custom file templates from.
    firstDayOfWeek Integer
    Start day of the week for calendar views and date pickers. Valid values are 0 for Sunday, 1 for Monday, and 6 for Saturday.
    geoNodeAllowedIps String
    Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
    geoStatusTimeout Integer
    The amount of seconds after which a request to get a secondary node status times out.
    gitRateLimitUsersAllowlists List<String>
    List of usernames excluded from Git anti-abuse rate limits. Maximum: 100 usernames. Introduced in GitLab 15.2.
    gitTwoFactorSessionExpiry Integer
    Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
    gitalyTimeoutDefault Integer
    Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
    gitalyTimeoutFast Integer
    Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
    gitalyTimeoutMedium Integer
    Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
    grafanaEnabled Boolean
    Enable Grafana.
    grafanaUrl String
    Grafana URL.
    gravatarEnabled Boolean
    Enable Gravatar.
    groupOwnersCanManageDefaultBranchProtection Boolean
    Prevent overrides of default branch protection.
    hashedStorageEnabled Boolean
    Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
    helpPageHideCommercialContent Boolean
    Hide marketing-related entries from help.
    helpPageSupportUrl String
    Alternate support URL for help page and help dropdown.
    helpPageText String
    Custom text displayed on the help page.
    helpText String
    GitLab server administrator information.
    hideThirdPartyOffers Boolean
    Do not display offers from third parties in GitLab.
    homePageUrl String
    Redirect to this URL when not logged in.
    housekeepingEnabled Boolean
    Enable or disable Git housekeeping. If enabled, requires either housekeepingoptimizerepositoryperiod OR housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod. Options housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod are deprecated. Use housekeepingoptimizerepositoryperiod instead.
    housekeepingFullRepackPeriod Integer
    Number of Git pushes after which an incremental git repack is run.

    Deprecated:housekeeping_full_repack_period is deprecated. Use housekeeping_optimize_repository_period instead.

    housekeepingGcPeriod Integer
    Number of Git pushes after which git gc is run.

    Deprecated:housekeeping_gc_period is deprecated. Use housekeeping_optimize_repository_period instead.

    housekeepingIncrementalRepackPeriod Integer
    Number of Git pushes after which an incremental git repack is run.

    Deprecated:housekeeping_incremental_repack_period is deprecated. Use housekeeping_optimize_repository_period instead.

    housekeepingOptimizeRepositoryPeriod Integer
    Number of Git pushes after which an incremental git repack is run.
    htmlEmailsEnabled Boolean
    Enable HTML emails.
    importSources List<String>
    Sources to allow project import from. Valid values are: github, bitbucket, bitbucket_server, fogbugz, git, gitlab.Project, gitea, manifest
    inProductMarketingEmailsEnabled Boolean
    Enable in-product marketing emails.
    inactiveProjectsDeleteAfterMonths Integer
    If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    inactiveProjectsMinSizeMb Integer
    If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    inactiveProjectsSendWarningEmailAfterMonths Integer
    If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    invisibleCaptchaEnabled Boolean
    Enable Invisible CAPTCHA spam detection during sign-up.
    issuesCreateLimit Integer
    Max number of issue creation requests per minute per user.
    keepLatestArtifact Boolean
    Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
    localMarkdownVersion Integer
    Increase this value when any cached Markdown should be invalidated.
    mailgunEventsEnabled Boolean
    Enable Mailgun event receiver.
    mailgunSigningKey String
    The Mailgun HTTP webhook signing key for receiving events from webhook.
    maintenanceMode Boolean
    When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
    maintenanceModeMessage String
    Message displayed when instance is in maintenance mode.
    maxArtifactsSize Integer
    Maximum artifacts size in MB.
    maxAttachmentSize Integer
    Limit attachment size in MB.
    maxExportSize Integer
    Maximum export size in MB. 0 for unlimited.
    maxImportSize Integer
    Maximum import size in MB. 0 for unlimited.
    maxNumberOfRepositoryDownloads Integer
    Maximum number of unique repositories a user can download in the specified time period before they are banned. Maximum: 10,000 repositories. Introduced in GitLab 15.1.
    maxNumberOfRepositoryDownloadsWithinTimePeriod Integer
    Reporting time period (in seconds). Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
    maxPagesSize Integer
    Maximum size of pages repositories in MB.
    maxPersonalAccessTokenLifetime Integer
    Maximum allowable lifetime for access tokens in days.
    maxSshKeyLifetime Integer
    Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
    metricsMethodCallThreshold Integer
    A method call is only tracked when it takes longer than the given amount of milliseconds.
    mirrorAvailable Boolean
    Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
    mirrorCapacityThreshold Integer
    Minimum capacity to be available before scheduling more mirrors preemptively.
    mirrorMaxCapacity Integer
    Maximum number of mirrors that can be synchronizing at the same time.
    mirrorMaxDelay Integer
    Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
    npmPackageRequestsForwarding Boolean
    Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
    outboundLocalRequestsWhitelists List<String>
    Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
    packageRegistryCleanupPoliciesWorkerCapacity Integer
    Number of workers assigned to the packages cleanup policies.
    pagesDomainVerificationEnabled Boolean
    Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
    passwordAuthenticationEnabledForGit Boolean
    Enable authentication for Git over HTTP(S) via a GitLab account password.
    passwordAuthenticationEnabledForWeb Boolean
    Enable authentication for the web interface via a GitLab account password.
    passwordLowercaseRequired Boolean
    Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
    passwordNumberRequired Boolean
    Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
    passwordSymbolRequired Boolean
    Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
    passwordUppercaseRequired Boolean
    Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
    performanceBarAllowedGroupPath String
    Path of the group that is allowed to toggle the performance bar.
    personalAccessTokenPrefix String
    Prefix for all generated personal access tokens.
    pipelineLimitPerProjectUserSha Integer
    Maximum number of pipeline creation requests per minute per user and commit.
    plantumlEnabled Boolean
    (If enabled, requires: plantuml_url) Enable PlantUML integration.
    plantumlUrl String
    The PlantUML instance URL for integration.
    pollingIntervalMultiplier Double
    Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
    projectExportEnabled Boolean
    Enable project export.
    prometheusMetricsEnabled Boolean
    Enable Prometheus metrics.
    protectedCiVariables Boolean
    CI/CD variables are protected by default.
    pushEventActivitiesLimit Integer
    Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
    pushEventHooksLimit Integer
    Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
    pypiPackageRequestsForwarding Boolean
    Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
    rateLimitingResponseText String
    When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
    rawBlobRequestLimit Integer
    Max number of requests per minute for each raw path. To disable throttling set to 0.
    recaptchaEnabled Boolean
    (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
    recaptchaPrivateKey String
    Private key for reCAPTCHA.
    recaptchaSiteKey String
    Site key for reCAPTCHA.
    receiveMaxInputSize Integer
    Maximum push size (MB).
    repositoryChecksEnabled Boolean
    GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
    repositorySizeLimit Integer
    Size limit per repository (MB).
    repositoryStorages List<String>
    (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
    repositoryStoragesWeighted Map<String,Integer>
    (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
    requireAdminApprovalAfterUserSignup Boolean
    When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
    requireTwoFactorAuthentication Boolean
    (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
    restrictedVisibilityLevels List<String>
    Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Null means there is no restriction.
    rsaKeyRestriction Integer
    The minimum allowed bit length of an uploaded RSA key. 0 means no restriction. -1 disables RSA keys.
    searchRateLimit Integer
    Max number of requests per minute for performing a search while authenticated. To disable throttling set to 0.
    searchRateLimitUnauthenticated Integer
    Max number of requests per minute for performing a search while unauthenticated. To disable throttling set to 0.
    sendUserConfirmationEmail Boolean
    Send confirmation email on sign-up.
    sessionExpireDelay Integer
    Session duration in minutes. GitLab restart is required to apply changes.
    sharedRunnersEnabled Boolean
    (If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
    sharedRunnersMinutes Integer
    Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
    sharedRunnersText String
    Shared runners text.
    sidekiqJobLimiterCompressionThresholdBytes Integer
    The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis.
    sidekiqJobLimiterLimitBytes Integer
    The threshold in bytes at which Sidekiq jobs are rejected. 0 means do not reject any job.
    sidekiqJobLimiterMode String
    track or compress. Sets the behavior for Sidekiq job size limits.
    signInText String
    Text on the login page.
    signupEnabled Boolean
    Enable registration.
    slackAppEnabled Boolean
    (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
    slackAppId String
    The app ID of the Slack-app.
    slackAppSecret String
    The app secret of the Slack-app.
    slackAppSigningSecret String
    The signing secret of the Slack-app.
    slackAppVerificationToken String
    The verification token of the Slack-app.
    snippetSizeLimit Integer
    Max snippet content size in bytes.
    snowplowAppId String
    The Snowplow site name / application ID. (for example, gitlab)
    snowplowCollectorHostname String
    The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
    snowplowCookieDomain String
    The Snowplow cookie domain. (for example, .gitlab.com)
    snowplowEnabled Boolean
    Enable snowplow tracking.
    sourcegraphEnabled Boolean
    Enables Sourcegraph integration. If enabled, requires sourcegraph_url.
    sourcegraphPublicOnly Boolean
    Blocks Sourcegraph from being loaded on private and internal projects.
    sourcegraphUrl String
    The Sourcegraph instance URL for integration.
    spamCheckApiKey String
    API key used by GitLab for accessing the Spam Check service endpoint.
    spamCheckEndpointEnabled Boolean
    Enables spam checking using external Spam Check API endpoint.
    spamCheckEndpointUrl String
    URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
    suggestPipelineEnabled Boolean
    Enable pipeline suggestion banner.
    terminalMaxSessionTime Integer
    Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
    terms String
    (Required by: enforce_terms) Markdown content for the ToS.
    throttleAuthenticatedApiEnabled Boolean
    (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttleAuthenticatedApiPeriodInSeconds Integer
    Rate limit period (in seconds).
    throttleAuthenticatedApiRequestsPerPeriod Integer
    Maximum requests per period per user.
    throttleAuthenticatedPackagesApiEnabled Boolean
    (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
    throttleAuthenticatedPackagesApiPeriodInSeconds Integer
    Rate limit period (in seconds). View Package Registry rate limits for more details.
    throttleAuthenticatedPackagesApiRequestsPerPeriod Integer
    Maximum requests per period per user. View Package Registry rate limits for more details.
    throttleAuthenticatedWebEnabled Boolean
    (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttleAuthenticatedWebPeriodInSeconds Integer
    Rate limit period (in seconds).
    throttleAuthenticatedWebRequestsPerPeriod Integer
    Maximum requests per period per user.
    throttleUnauthenticatedApiEnabled Boolean
    (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttleUnauthenticatedApiPeriodInSeconds Integer
    Rate limit period in seconds.
    throttleUnauthenticatedApiRequestsPerPeriod Integer
    Max requests per period per IP.
    throttleUnauthenticatedPackagesApiEnabled Boolean
    (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
    throttleUnauthenticatedPackagesApiPeriodInSeconds Integer
    Rate limit period (in seconds). View Package Registry rate limits for more details.
    throttleUnauthenticatedPackagesApiRequestsPerPeriod Integer
    Maximum requests per period per user. View Package Registry rate limits for more details.
    throttleUnauthenticatedWebEnabled Boolean
    (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttleUnauthenticatedWebPeriodInSeconds Integer
    Rate limit period in seconds.
    throttleUnauthenticatedWebRequestsPerPeriod Integer
    Max requests per period per IP.
    timeTrackingLimitToHours Boolean
    Limit display of time tracking units to hours.
    twoFactorGracePeriod Integer
    Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
    uniqueIpsLimitEnabled Boolean
    (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
    uniqueIpsLimitPerUser Integer
    Maximum number of IPs per user.
    uniqueIpsLimitTimeWindow Integer
    How many seconds an IP is counted towards the limit.
    usagePingEnabled Boolean
    Every week GitLab reports license usage back to GitLab, Inc.
    userDeactivationEmailsEnabled Boolean
    Send an email to users upon account deactivation.
    userDefaultExternal Boolean
    Newly registered users are external by default.
    userDefaultInternalRegex String
    Specify an email address regex pattern to identify default internal users.
    userOauthApplications Boolean
    Allow users to register any application to use GitLab as an OAuth provider.
    userShowAddSshKeyMessage Boolean
    When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
    versionCheckEnabled Boolean
    Let GitLab inform you when an update is available.
    webIdeClientsidePreviewEnabled Boolean
    Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
    whatsNewVariant String
    What’s new variant, possible values: alltiers, currenttier, and disabled.
    wikiPageMaxContentBytes Integer
    Maximum wiki page content size in bytes. The minimum value is 1024 bytes.
    abuseNotificationEmail string
    If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
    adminMode boolean
    Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
    afterSignOutPath string
    Where to redirect users after logout.
    afterSignUpText string
    Text shown to the user after signing up.
    akismetApiKey string
    API key for Akismet spam protection.
    akismetEnabled boolean
    (If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
    allowGroupOwnersToManageLdap boolean
    Set to true to allow group owners to manage LDAP.
    allowLocalRequestsFromSystemHooks boolean
    Allow requests to the local network from system hooks.
    allowLocalRequestsFromWebHooksAndServices boolean
    Allow requests to the local network from web hooks and services.
    archiveBuildsInHumanReadable string
    Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
    assetProxyAllowlists string[]
    Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
    assetProxyEnabled boolean
    (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
    assetProxySecretKey string
    Shared secret with the asset proxy server. GitLab restart is required to apply changes.
    assetProxyUrl string
    URL of the asset proxy server. GitLab restart is required to apply changes.
    authorizedKeysEnabled boolean
    By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
    autoDevopsDomain string
    Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
    autoDevopsEnabled boolean
    Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
    automaticPurchasedStorageAllocation boolean
    Enabling this permits automatic allocation of purchased storage in a namespace.
    canCreateGroup boolean
    Indicates whether users can create top-level groups. Introduced in GitLab 15.5.
    checkNamespacePlan boolean
    Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
    commitEmailHostname string
    Custom hostname (for private commit emails).
    containerExpirationPoliciesEnableHistoricEntries boolean
    Enable cleanup policies for all projects.
    containerRegistryCleanupTagsServiceMaxListSize number
    The maximum number of tags that can be deleted in a single execution of cleanup policies.
    containerRegistryDeleteTagsServiceTimeout number
    The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
    containerRegistryExpirationPoliciesCaching boolean
    Caching during the execution of cleanup policies.
    containerRegistryExpirationPoliciesWorkerCapacity number
    Number of workers for cleanup policies.
    containerRegistryTokenExpireDelay number
    Container Registry token duration in minutes.
    deactivateDormantUsers boolean
    Enable automatic deactivation of dormant users.
    defaultArtifactsExpireIn string
    Set the default expiration time for each job’s artifacts.
    defaultBranchName string
    Instance-level custom initial branch name (introduced in GitLab 13.2).
    defaultBranchProtection number
    Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
    defaultCiConfigPath string
    Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
    defaultGroupVisibility string
    What visibility level new groups receive. Can take private, internal and public as a parameter.
    defaultProjectCreation number
    Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
    defaultProjectVisibility string
    What visibility level new projects receive. Can take private, internal and public as a parameter.
    defaultProjectsLimit number
    Project limit per user.
    defaultSnippetVisibility string
    What visibility level new snippets receive. Can take private, internal and public as a parameter.
    deleteInactiveProjects boolean
    Enable inactive project deletion feature. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion).
    deletionAdjournedPeriod number
    The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90.
    diffMaxFiles number
    Maximum files in a diff.
    diffMaxLines number
    Maximum lines in a diff.
    diffMaxPatchBytes number
    Maximum diff patch size, in bytes.
    disableFeedToken boolean
    Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
    disabledOauthSignInSources string[]
    Disabled OAuth sign-in sources.
    dnsRebindingProtectionEnabled boolean
    Enforce DNS rebinding attack protection.
    domainAllowlists string[]
    Force people to use only corporate emails for sign-up. Null means there is no restriction.
    domainDenylistEnabled boolean
    (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
    domainDenylists string[]
    Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
    dsaKeyRestriction number
    The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys.
    ecdsaKeyRestriction number
    The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys.
    ecdsaSkKeyRestriction number
    The minimum allowed curve size (in bits) of an uploaded ECDSASK key. 0 means no restriction. -1 disables ECDSASK keys.
    ed25519KeyRestriction number
    The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys.
    ed25519SkKeyRestriction number
    The minimum allowed curve size (in bits) of an uploaded ED25519SK key. 0 means no restriction. -1 disables ED25519SK keys.
    eksAccessKeyId string
    AWS IAM access key ID.
    eksAccountId string
    Amazon account ID.
    eksIntegrationEnabled boolean
    Enable integration with Amazon EKS.
    eksSecretAccessKey string
    AWS IAM secret access key.
    elasticsearchAws boolean
    Enable the use of AWS hosted Elasticsearch.
    elasticsearchAwsAccessKey string
    AWS IAM access key.
    elasticsearchAwsRegion string
    The AWS region the Elasticsearch domain is configured.
    elasticsearchAwsSecretAccessKey string
    AWS IAM secret access key.
    elasticsearchIndexedFieldLengthLimit number
    Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
    elasticsearchIndexedFileSizeLimitKb number
    Maximum size of repository and wiki files that are indexed by Elasticsearch.
    elasticsearchIndexing boolean
    Enable Elasticsearch indexing.
    elasticsearchLimitIndexing boolean
    Limit Elasticsearch to index certain namespaces and projects.
    elasticsearchMaxBulkConcurrency number
    Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
    elasticsearchMaxBulkSizeMb number
    Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
    elasticsearchNamespaceIds number[]
    The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
    elasticsearchPassword string
    The password of your Elasticsearch instance.
    elasticsearchProjectIds number[]
    The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
    elasticsearchSearch boolean
    Enable Elasticsearch search.
    elasticsearchUrls string[]
    The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
    elasticsearchUsername string
    The username of your Elasticsearch instance.
    emailAdditionalText string
    Additional text added to the bottom of every email for legal/auditing/compliance reasons.
    emailAuthorInBody boolean
    Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
    enabledGitAccessProtocol string
    Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
    enforceNamespaceStorageLimit boolean
    Enabling this permits enforcement of namespace storage limits.
    enforceTerms boolean
    (If enabled, requires: terms) Enforce application ToS to all users.
    externalAuthClientCert string
    (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
    externalAuthClientKey string
    Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
    externalAuthClientKeyPass string
    Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
    externalAuthorizationServiceDefaultLabel string
    The default classification label to use when requesting authorization and no classification label has been specified on the project.
    externalAuthorizationServiceEnabled boolean
    (If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
    externalAuthorizationServiceTimeout number
    The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
    externalAuthorizationServiceUrl string
    URL to which authorization requests are directed.
    externalPipelineValidationServiceTimeout number
    How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
    externalPipelineValidationServiceToken string
    Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
    externalPipelineValidationServiceUrl string
    URL to use for pipeline validation requests.
    fileTemplateProjectId number
    The ID of a project to load custom file templates from.
    firstDayOfWeek number
    Start day of the week for calendar views and date pickers. Valid values are 0 for Sunday, 1 for Monday, and 6 for Saturday.
    geoNodeAllowedIps string
    Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
    geoStatusTimeout number
    The amount of seconds after which a request to get a secondary node status times out.
    gitRateLimitUsersAllowlists string[]
    List of usernames excluded from Git anti-abuse rate limits. Maximum: 100 usernames. Introduced in GitLab 15.2.
    gitTwoFactorSessionExpiry number
    Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
    gitalyTimeoutDefault number
    Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
    gitalyTimeoutFast number
    Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
    gitalyTimeoutMedium number
    Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
    grafanaEnabled boolean
    Enable Grafana.
    grafanaUrl string
    Grafana URL.
    gravatarEnabled boolean
    Enable Gravatar.
    groupOwnersCanManageDefaultBranchProtection boolean
    Prevent overrides of default branch protection.
    hashedStorageEnabled boolean
    Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
    helpPageHideCommercialContent boolean
    Hide marketing-related entries from help.
    helpPageSupportUrl string
    Alternate support URL for help page and help dropdown.
    helpPageText string
    Custom text displayed on the help page.
    helpText string
    GitLab server administrator information.
    hideThirdPartyOffers boolean
    Do not display offers from third parties in GitLab.
    homePageUrl string
    Redirect to this URL when not logged in.
    housekeepingEnabled boolean
    Enable or disable Git housekeeping. If enabled, requires either housekeepingoptimizerepositoryperiod OR housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod. Options housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod are deprecated. Use housekeepingoptimizerepositoryperiod instead.
    housekeepingFullRepackPeriod number
    Number of Git pushes after which an incremental git repack is run.

    Deprecated:housekeeping_full_repack_period is deprecated. Use housekeeping_optimize_repository_period instead.

    housekeepingGcPeriod number
    Number of Git pushes after which git gc is run.

    Deprecated:housekeeping_gc_period is deprecated. Use housekeeping_optimize_repository_period instead.

    housekeepingIncrementalRepackPeriod number
    Number of Git pushes after which an incremental git repack is run.

    Deprecated:housekeeping_incremental_repack_period is deprecated. Use housekeeping_optimize_repository_period instead.

    housekeepingOptimizeRepositoryPeriod number
    Number of Git pushes after which an incremental git repack is run.
    htmlEmailsEnabled boolean
    Enable HTML emails.
    importSources string[]
    Sources to allow project import from. Valid values are: github, bitbucket, bitbucket_server, fogbugz, git, gitlab.Project, gitea, manifest
    inProductMarketingEmailsEnabled boolean
    Enable in-product marketing emails.
    inactiveProjectsDeleteAfterMonths number
    If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    inactiveProjectsMinSizeMb number
    If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    inactiveProjectsSendWarningEmailAfterMonths number
    If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    invisibleCaptchaEnabled boolean
    Enable Invisible CAPTCHA spam detection during sign-up.
    issuesCreateLimit number
    Max number of issue creation requests per minute per user.
    keepLatestArtifact boolean
    Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
    localMarkdownVersion number
    Increase this value when any cached Markdown should be invalidated.
    mailgunEventsEnabled boolean
    Enable Mailgun event receiver.
    mailgunSigningKey string
    The Mailgun HTTP webhook signing key for receiving events from webhook.
    maintenanceMode boolean
    When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
    maintenanceModeMessage string
    Message displayed when instance is in maintenance mode.
    maxArtifactsSize number
    Maximum artifacts size in MB.
    maxAttachmentSize number
    Limit attachment size in MB.
    maxExportSize number
    Maximum export size in MB. 0 for unlimited.
    maxImportSize number
    Maximum import size in MB. 0 for unlimited.
    maxNumberOfRepositoryDownloads number
    Maximum number of unique repositories a user can download in the specified time period before they are banned. Maximum: 10,000 repositories. Introduced in GitLab 15.1.
    maxNumberOfRepositoryDownloadsWithinTimePeriod number
    Reporting time period (in seconds). Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
    maxPagesSize number
    Maximum size of pages repositories in MB.
    maxPersonalAccessTokenLifetime number
    Maximum allowable lifetime for access tokens in days.
    maxSshKeyLifetime number
    Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
    metricsMethodCallThreshold number
    A method call is only tracked when it takes longer than the given amount of milliseconds.
    mirrorAvailable boolean
    Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
    mirrorCapacityThreshold number
    Minimum capacity to be available before scheduling more mirrors preemptively.
    mirrorMaxCapacity number
    Maximum number of mirrors that can be synchronizing at the same time.
    mirrorMaxDelay number
    Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
    npmPackageRequestsForwarding boolean
    Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
    outboundLocalRequestsWhitelists string[]
    Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
    packageRegistryCleanupPoliciesWorkerCapacity number
    Number of workers assigned to the packages cleanup policies.
    pagesDomainVerificationEnabled boolean
    Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
    passwordAuthenticationEnabledForGit boolean
    Enable authentication for Git over HTTP(S) via a GitLab account password.
    passwordAuthenticationEnabledForWeb boolean
    Enable authentication for the web interface via a GitLab account password.
    passwordLowercaseRequired boolean
    Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
    passwordNumberRequired boolean
    Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
    passwordSymbolRequired boolean
    Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
    passwordUppercaseRequired boolean
    Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
    performanceBarAllowedGroupPath string
    Path of the group that is allowed to toggle the performance bar.
    personalAccessTokenPrefix string
    Prefix for all generated personal access tokens.
    pipelineLimitPerProjectUserSha number
    Maximum number of pipeline creation requests per minute per user and commit.
    plantumlEnabled boolean
    (If enabled, requires: plantuml_url) Enable PlantUML integration.
    plantumlUrl string
    The PlantUML instance URL for integration.
    pollingIntervalMultiplier number
    Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
    projectExportEnabled boolean
    Enable project export.
    prometheusMetricsEnabled boolean
    Enable Prometheus metrics.
    protectedCiVariables boolean
    CI/CD variables are protected by default.
    pushEventActivitiesLimit number
    Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
    pushEventHooksLimit number
    Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
    pypiPackageRequestsForwarding boolean
    Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
    rateLimitingResponseText string
    When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
    rawBlobRequestLimit number
    Max number of requests per minute for each raw path. To disable throttling set to 0.
    recaptchaEnabled boolean
    (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
    recaptchaPrivateKey string
    Private key for reCAPTCHA.
    recaptchaSiteKey string
    Site key for reCAPTCHA.
    receiveMaxInputSize number
    Maximum push size (MB).
    repositoryChecksEnabled boolean
    GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
    repositorySizeLimit number
    Size limit per repository (MB).
    repositoryStorages string[]
    (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
    repositoryStoragesWeighted {[key: string]: number}
    (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
    requireAdminApprovalAfterUserSignup boolean
    When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
    requireTwoFactorAuthentication boolean
    (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
    restrictedVisibilityLevels string[]
    Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Null means there is no restriction.
    rsaKeyRestriction number
    The minimum allowed bit length of an uploaded RSA key. 0 means no restriction. -1 disables RSA keys.
    searchRateLimit number
    Max number of requests per minute for performing a search while authenticated. To disable throttling set to 0.
    searchRateLimitUnauthenticated number
    Max number of requests per minute for performing a search while unauthenticated. To disable throttling set to 0.
    sendUserConfirmationEmail boolean
    Send confirmation email on sign-up.
    sessionExpireDelay number
    Session duration in minutes. GitLab restart is required to apply changes.
    sharedRunnersEnabled boolean
    (If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
    sharedRunnersMinutes number
    Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
    sharedRunnersText string
    Shared runners text.
    sidekiqJobLimiterCompressionThresholdBytes number
    The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis.
    sidekiqJobLimiterLimitBytes number
    The threshold in bytes at which Sidekiq jobs are rejected. 0 means do not reject any job.
    sidekiqJobLimiterMode string
    track or compress. Sets the behavior for Sidekiq job size limits.
    signInText string
    Text on the login page.
    signupEnabled boolean
    Enable registration.
    slackAppEnabled boolean
    (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
    slackAppId string
    The app ID of the Slack-app.
    slackAppSecret string
    The app secret of the Slack-app.
    slackAppSigningSecret string
    The signing secret of the Slack-app.
    slackAppVerificationToken string
    The verification token of the Slack-app.
    snippetSizeLimit number
    Max snippet content size in bytes.
    snowplowAppId string
    The Snowplow site name / application ID. (for example, gitlab)
    snowplowCollectorHostname string
    The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
    snowplowCookieDomain string
    The Snowplow cookie domain. (for example, .gitlab.com)
    snowplowEnabled boolean
    Enable snowplow tracking.
    sourcegraphEnabled boolean
    Enables Sourcegraph integration. If enabled, requires sourcegraph_url.
    sourcegraphPublicOnly boolean
    Blocks Sourcegraph from being loaded on private and internal projects.
    sourcegraphUrl string
    The Sourcegraph instance URL for integration.
    spamCheckApiKey string
    API key used by GitLab for accessing the Spam Check service endpoint.
    spamCheckEndpointEnabled boolean
    Enables spam checking using external Spam Check API endpoint.
    spamCheckEndpointUrl string
    URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
    suggestPipelineEnabled boolean
    Enable pipeline suggestion banner.
    terminalMaxSessionTime number
    Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
    terms string
    (Required by: enforce_terms) Markdown content for the ToS.
    throttleAuthenticatedApiEnabled boolean
    (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttleAuthenticatedApiPeriodInSeconds number
    Rate limit period (in seconds).
    throttleAuthenticatedApiRequestsPerPeriod number
    Maximum requests per period per user.
    throttleAuthenticatedPackagesApiEnabled boolean
    (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
    throttleAuthenticatedPackagesApiPeriodInSeconds number
    Rate limit period (in seconds). View Package Registry rate limits for more details.
    throttleAuthenticatedPackagesApiRequestsPerPeriod number
    Maximum requests per period per user. View Package Registry rate limits for more details.
    throttleAuthenticatedWebEnabled boolean
    (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttleAuthenticatedWebPeriodInSeconds number
    Rate limit period (in seconds).
    throttleAuthenticatedWebRequestsPerPeriod number
    Maximum requests per period per user.
    throttleUnauthenticatedApiEnabled boolean
    (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttleUnauthenticatedApiPeriodInSeconds number
    Rate limit period in seconds.
    throttleUnauthenticatedApiRequestsPerPeriod number
    Max requests per period per IP.
    throttleUnauthenticatedPackagesApiEnabled boolean
    (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
    throttleUnauthenticatedPackagesApiPeriodInSeconds number
    Rate limit period (in seconds). View Package Registry rate limits for more details.
    throttleUnauthenticatedPackagesApiRequestsPerPeriod number
    Maximum requests per period per user. View Package Registry rate limits for more details.
    throttleUnauthenticatedWebEnabled boolean
    (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttleUnauthenticatedWebPeriodInSeconds number
    Rate limit period in seconds.
    throttleUnauthenticatedWebRequestsPerPeriod number
    Max requests per period per IP.
    timeTrackingLimitToHours boolean
    Limit display of time tracking units to hours.
    twoFactorGracePeriod number
    Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
    uniqueIpsLimitEnabled boolean
    (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
    uniqueIpsLimitPerUser number
    Maximum number of IPs per user.
    uniqueIpsLimitTimeWindow number
    How many seconds an IP is counted towards the limit.
    usagePingEnabled boolean
    Every week GitLab reports license usage back to GitLab, Inc.
    userDeactivationEmailsEnabled boolean
    Send an email to users upon account deactivation.
    userDefaultExternal boolean
    Newly registered users are external by default.
    userDefaultInternalRegex string
    Specify an email address regex pattern to identify default internal users.
    userOauthApplications boolean
    Allow users to register any application to use GitLab as an OAuth provider.
    userShowAddSshKeyMessage boolean
    When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
    versionCheckEnabled boolean
    Let GitLab inform you when an update is available.
    webIdeClientsidePreviewEnabled boolean
    Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
    whatsNewVariant string
    What’s new variant, possible values: alltiers, currenttier, and disabled.
    wikiPageMaxContentBytes number
    Maximum wiki page content size in bytes. The minimum value is 1024 bytes.
    abuse_notification_email str
    If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
    admin_mode bool
    Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
    after_sign_out_path str
    Where to redirect users after logout.
    after_sign_up_text str
    Text shown to the user after signing up.
    akismet_api_key str
    API key for Akismet spam protection.
    akismet_enabled bool
    (If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
    allow_group_owners_to_manage_ldap bool
    Set to true to allow group owners to manage LDAP.
    allow_local_requests_from_system_hooks bool
    Allow requests to the local network from system hooks.
    allow_local_requests_from_web_hooks_and_services bool
    Allow requests to the local network from web hooks and services.
    archive_builds_in_human_readable str
    Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
    asset_proxy_allowlists Sequence[str]
    Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
    asset_proxy_enabled bool
    (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
    asset_proxy_secret_key str
    Shared secret with the asset proxy server. GitLab restart is required to apply changes.
    asset_proxy_url str
    URL of the asset proxy server. GitLab restart is required to apply changes.
    authorized_keys_enabled bool
    By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
    auto_devops_domain str
    Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
    auto_devops_enabled bool
    Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
    automatic_purchased_storage_allocation bool
    Enabling this permits automatic allocation of purchased storage in a namespace.
    can_create_group bool
    Indicates whether users can create top-level groups. Introduced in GitLab 15.5.
    check_namespace_plan bool
    Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
    commit_email_hostname str
    Custom hostname (for private commit emails).
    container_expiration_policies_enable_historic_entries bool
    Enable cleanup policies for all projects.
    container_registry_cleanup_tags_service_max_list_size int
    The maximum number of tags that can be deleted in a single execution of cleanup policies.
    container_registry_delete_tags_service_timeout int
    The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
    container_registry_expiration_policies_caching bool
    Caching during the execution of cleanup policies.
    container_registry_expiration_policies_worker_capacity int
    Number of workers for cleanup policies.
    container_registry_token_expire_delay int
    Container Registry token duration in minutes.
    deactivate_dormant_users bool
    Enable automatic deactivation of dormant users.
    default_artifacts_expire_in str
    Set the default expiration time for each job’s artifacts.
    default_branch_name str
    Instance-level custom initial branch name (introduced in GitLab 13.2).
    default_branch_protection int
    Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
    default_ci_config_path str
    Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
    default_group_visibility str
    What visibility level new groups receive. Can take private, internal and public as a parameter.
    default_project_creation int
    Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
    default_project_visibility str
    What visibility level new projects receive. Can take private, internal and public as a parameter.
    default_projects_limit int
    Project limit per user.
    default_snippet_visibility str
    What visibility level new snippets receive. Can take private, internal and public as a parameter.
    delete_inactive_projects bool
    Enable inactive project deletion feature. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion).
    deletion_adjourned_period int
    The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90.
    diff_max_files int
    Maximum files in a diff.
    diff_max_lines int
    Maximum lines in a diff.
    diff_max_patch_bytes int
    Maximum diff patch size, in bytes.
    disable_feed_token bool
    Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
    disabled_oauth_sign_in_sources Sequence[str]
    Disabled OAuth sign-in sources.
    dns_rebinding_protection_enabled bool
    Enforce DNS rebinding attack protection.
    domain_allowlists Sequence[str]
    Force people to use only corporate emails for sign-up. Null means there is no restriction.
    domain_denylist_enabled bool
    (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
    domain_denylists Sequence[str]
    Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
    dsa_key_restriction int
    The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys.
    ecdsa_key_restriction int
    The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys.
    ecdsa_sk_key_restriction int
    The minimum allowed curve size (in bits) of an uploaded ECDSASK key. 0 means no restriction. -1 disables ECDSASK keys.
    ed25519_key_restriction int
    The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys.
    ed25519_sk_key_restriction int
    The minimum allowed curve size (in bits) of an uploaded ED25519SK key. 0 means no restriction. -1 disables ED25519SK keys.
    eks_access_key_id str
    AWS IAM access key ID.
    eks_account_id str
    Amazon account ID.
    eks_integration_enabled bool
    Enable integration with Amazon EKS.
    eks_secret_access_key str
    AWS IAM secret access key.
    elasticsearch_aws bool
    Enable the use of AWS hosted Elasticsearch.
    elasticsearch_aws_access_key str
    AWS IAM access key.
    elasticsearch_aws_region str
    The AWS region the Elasticsearch domain is configured.
    elasticsearch_aws_secret_access_key str
    AWS IAM secret access key.
    elasticsearch_indexed_field_length_limit int
    Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
    elasticsearch_indexed_file_size_limit_kb int
    Maximum size of repository and wiki files that are indexed by Elasticsearch.
    elasticsearch_indexing bool
    Enable Elasticsearch indexing.
    elasticsearch_limit_indexing bool
    Limit Elasticsearch to index certain namespaces and projects.
    elasticsearch_max_bulk_concurrency int
    Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
    elasticsearch_max_bulk_size_mb int
    Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
    elasticsearch_namespace_ids Sequence[int]
    The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
    elasticsearch_password str
    The password of your Elasticsearch instance.
    elasticsearch_project_ids Sequence[int]
    The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
    elasticsearch_search bool
    Enable Elasticsearch search.
    elasticsearch_urls Sequence[str]
    The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
    elasticsearch_username str
    The username of your Elasticsearch instance.
    email_additional_text str
    Additional text added to the bottom of every email for legal/auditing/compliance reasons.
    email_author_in_body bool
    Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
    enabled_git_access_protocol str
    Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
    enforce_namespace_storage_limit bool
    Enabling this permits enforcement of namespace storage limits.
    enforce_terms bool
    (If enabled, requires: terms) Enforce application ToS to all users.
    external_auth_client_cert str
    (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
    external_auth_client_key str
    Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
    external_auth_client_key_pass str
    Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
    external_authorization_service_default_label str
    The default classification label to use when requesting authorization and no classification label has been specified on the project.
    external_authorization_service_enabled bool
    (If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
    external_authorization_service_timeout float
    The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
    external_authorization_service_url str
    URL to which authorization requests are directed.
    external_pipeline_validation_service_timeout int
    How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
    external_pipeline_validation_service_token str
    Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
    external_pipeline_validation_service_url str
    URL to use for pipeline validation requests.
    file_template_project_id int
    The ID of a project to load custom file templates from.
    first_day_of_week int
    Start day of the week for calendar views and date pickers. Valid values are 0 for Sunday, 1 for Monday, and 6 for Saturday.
    geo_node_allowed_ips str
    Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
    geo_status_timeout int
    The amount of seconds after which a request to get a secondary node status times out.
    git_rate_limit_users_allowlists Sequence[str]
    List of usernames excluded from Git anti-abuse rate limits. Maximum: 100 usernames. Introduced in GitLab 15.2.
    git_two_factor_session_expiry int
    Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
    gitaly_timeout_default int
    Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
    gitaly_timeout_fast int
    Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
    gitaly_timeout_medium int
    Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
    grafana_enabled bool
    Enable Grafana.
    grafana_url str
    Grafana URL.
    gravatar_enabled bool
    Enable Gravatar.
    group_owners_can_manage_default_branch_protection bool
    Prevent overrides of default branch protection.
    hashed_storage_enabled bool
    Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
    help_page_hide_commercial_content bool
    Hide marketing-related entries from help.
    help_page_support_url str
    Alternate support URL for help page and help dropdown.
    help_page_text str
    Custom text displayed on the help page.
    help_text str
    GitLab server administrator information.
    hide_third_party_offers bool
    Do not display offers from third parties in GitLab.
    home_page_url str
    Redirect to this URL when not logged in.
    housekeeping_enabled bool
    Enable or disable Git housekeeping. If enabled, requires either housekeepingoptimizerepositoryperiod OR housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod. Options housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod are deprecated. Use housekeepingoptimizerepositoryperiod instead.
    housekeeping_full_repack_period int
    Number of Git pushes after which an incremental git repack is run.

    Deprecated:housekeeping_full_repack_period is deprecated. Use housekeeping_optimize_repository_period instead.

    housekeeping_gc_period int
    Number of Git pushes after which git gc is run.

    Deprecated:housekeeping_gc_period is deprecated. Use housekeeping_optimize_repository_period instead.

    housekeeping_incremental_repack_period int
    Number of Git pushes after which an incremental git repack is run.

    Deprecated:housekeeping_incremental_repack_period is deprecated. Use housekeeping_optimize_repository_period instead.

    housekeeping_optimize_repository_period int
    Number of Git pushes after which an incremental git repack is run.
    html_emails_enabled bool
    Enable HTML emails.
    import_sources Sequence[str]
    Sources to allow project import from. Valid values are: github, bitbucket, bitbucket_server, fogbugz, git, gitlab.Project, gitea, manifest
    in_product_marketing_emails_enabled bool
    Enable in-product marketing emails.
    inactive_projects_delete_after_months int
    If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    inactive_projects_min_size_mb int
    If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    inactive_projects_send_warning_email_after_months int
    If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    invisible_captcha_enabled bool
    Enable Invisible CAPTCHA spam detection during sign-up.
    issues_create_limit int
    Max number of issue creation requests per minute per user.
    keep_latest_artifact bool
    Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
    local_markdown_version int
    Increase this value when any cached Markdown should be invalidated.
    mailgun_events_enabled bool
    Enable Mailgun event receiver.
    mailgun_signing_key str
    The Mailgun HTTP webhook signing key for receiving events from webhook.
    maintenance_mode bool
    When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
    maintenance_mode_message str
    Message displayed when instance is in maintenance mode.
    max_artifacts_size int
    Maximum artifacts size in MB.
    max_attachment_size int
    Limit attachment size in MB.
    max_export_size int
    Maximum export size in MB. 0 for unlimited.
    max_import_size int
    Maximum import size in MB. 0 for unlimited.
    max_number_of_repository_downloads int
    Maximum number of unique repositories a user can download in the specified time period before they are banned. Maximum: 10,000 repositories. Introduced in GitLab 15.1.
    max_number_of_repository_downloads_within_time_period int
    Reporting time period (in seconds). Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
    max_pages_size int
    Maximum size of pages repositories in MB.
    max_personal_access_token_lifetime int
    Maximum allowable lifetime for access tokens in days.
    max_ssh_key_lifetime int
    Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
    metrics_method_call_threshold int
    A method call is only tracked when it takes longer than the given amount of milliseconds.
    mirror_available bool
    Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
    mirror_capacity_threshold int
    Minimum capacity to be available before scheduling more mirrors preemptively.
    mirror_max_capacity int
    Maximum number of mirrors that can be synchronizing at the same time.
    mirror_max_delay int
    Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
    npm_package_requests_forwarding bool
    Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
    outbound_local_requests_whitelists Sequence[str]
    Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
    package_registry_cleanup_policies_worker_capacity int
    Number of workers assigned to the packages cleanup policies.
    pages_domain_verification_enabled bool
    Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
    password_authentication_enabled_for_git bool
    Enable authentication for Git over HTTP(S) via a GitLab account password.
    password_authentication_enabled_for_web bool
    Enable authentication for the web interface via a GitLab account password.
    password_lowercase_required bool
    Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
    password_number_required bool
    Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
    password_symbol_required bool
    Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
    password_uppercase_required bool
    Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
    performance_bar_allowed_group_path str
    Path of the group that is allowed to toggle the performance bar.
    personal_access_token_prefix str
    Prefix for all generated personal access tokens.
    pipeline_limit_per_project_user_sha int
    Maximum number of pipeline creation requests per minute per user and commit.
    plantuml_enabled bool
    (If enabled, requires: plantuml_url) Enable PlantUML integration.
    plantuml_url str
    The PlantUML instance URL for integration.
    polling_interval_multiplier float
    Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
    project_export_enabled bool
    Enable project export.
    prometheus_metrics_enabled bool
    Enable Prometheus metrics.
    protected_ci_variables bool
    CI/CD variables are protected by default.
    push_event_activities_limit int
    Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
    push_event_hooks_limit int
    Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
    pypi_package_requests_forwarding bool
    Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
    rate_limiting_response_text str
    When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
    raw_blob_request_limit int
    Max number of requests per minute for each raw path. To disable throttling set to 0.
    recaptcha_enabled bool
    (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
    recaptcha_private_key str
    Private key for reCAPTCHA.
    recaptcha_site_key str
    Site key for reCAPTCHA.
    receive_max_input_size int
    Maximum push size (MB).
    repository_checks_enabled bool
    GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
    repository_size_limit int
    Size limit per repository (MB).
    repository_storages Sequence[str]
    (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
    repository_storages_weighted Mapping[str, int]
    (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
    require_admin_approval_after_user_signup bool
    When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
    require_two_factor_authentication bool
    (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
    restricted_visibility_levels Sequence[str]
    Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Null means there is no restriction.
    rsa_key_restriction int
    The minimum allowed bit length of an uploaded RSA key. 0 means no restriction. -1 disables RSA keys.
    search_rate_limit int
    Max number of requests per minute for performing a search while authenticated. To disable throttling set to 0.
    search_rate_limit_unauthenticated int
    Max number of requests per minute for performing a search while unauthenticated. To disable throttling set to 0.
    send_user_confirmation_email bool
    Send confirmation email on sign-up.
    session_expire_delay int
    Session duration in minutes. GitLab restart is required to apply changes.
    shared_runners_enabled bool
    (If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
    shared_runners_minutes int
    Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
    shared_runners_text str
    Shared runners text.
    sidekiq_job_limiter_compression_threshold_bytes int
    The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis.
    sidekiq_job_limiter_limit_bytes int
    The threshold in bytes at which Sidekiq jobs are rejected. 0 means do not reject any job.
    sidekiq_job_limiter_mode str
    track or compress. Sets the behavior for Sidekiq job size limits.
    sign_in_text str
    Text on the login page.
    signup_enabled bool
    Enable registration.
    slack_app_enabled bool
    (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
    slack_app_id str
    The app ID of the Slack-app.
    slack_app_secret str
    The app secret of the Slack-app.
    slack_app_signing_secret str
    The signing secret of the Slack-app.
    slack_app_verification_token str
    The verification token of the Slack-app.
    snippet_size_limit int
    Max snippet content size in bytes.
    snowplow_app_id str
    The Snowplow site name / application ID. (for example, gitlab)
    snowplow_collector_hostname str
    The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
    snowplow_cookie_domain str
    The Snowplow cookie domain. (for example, .gitlab.com)
    snowplow_enabled bool
    Enable snowplow tracking.
    sourcegraph_enabled bool
    Enables Sourcegraph integration. If enabled, requires sourcegraph_url.
    sourcegraph_public_only bool
    Blocks Sourcegraph from being loaded on private and internal projects.
    sourcegraph_url str
    The Sourcegraph instance URL for integration.
    spam_check_api_key str
    API key used by GitLab for accessing the Spam Check service endpoint.
    spam_check_endpoint_enabled bool
    Enables spam checking using external Spam Check API endpoint.
    spam_check_endpoint_url str
    URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
    suggest_pipeline_enabled bool
    Enable pipeline suggestion banner.
    terminal_max_session_time int
    Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
    terms str
    (Required by: enforce_terms) Markdown content for the ToS.
    throttle_authenticated_api_enabled bool
    (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttle_authenticated_api_period_in_seconds int
    Rate limit period (in seconds).
    throttle_authenticated_api_requests_per_period int
    Maximum requests per period per user.
    throttle_authenticated_packages_api_enabled bool
    (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
    throttle_authenticated_packages_api_period_in_seconds int
    Rate limit period (in seconds). View Package Registry rate limits for more details.
    throttle_authenticated_packages_api_requests_per_period int
    Maximum requests per period per user. View Package Registry rate limits for more details.
    throttle_authenticated_web_enabled bool
    (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttle_authenticated_web_period_in_seconds int
    Rate limit period (in seconds).
    throttle_authenticated_web_requests_per_period int
    Maximum requests per period per user.
    throttle_unauthenticated_api_enabled bool
    (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttle_unauthenticated_api_period_in_seconds int
    Rate limit period in seconds.
    throttle_unauthenticated_api_requests_per_period int
    Max requests per period per IP.
    throttle_unauthenticated_packages_api_enabled bool
    (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
    throttle_unauthenticated_packages_api_period_in_seconds int
    Rate limit period (in seconds). View Package Registry rate limits for more details.
    throttle_unauthenticated_packages_api_requests_per_period int
    Maximum requests per period per user. View Package Registry rate limits for more details.
    throttle_unauthenticated_web_enabled bool
    (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttle_unauthenticated_web_period_in_seconds int
    Rate limit period in seconds.
    throttle_unauthenticated_web_requests_per_period int
    Max requests per period per IP.
    time_tracking_limit_to_hours bool
    Limit display of time tracking units to hours.
    two_factor_grace_period int
    Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
    unique_ips_limit_enabled bool
    (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
    unique_ips_limit_per_user int
    Maximum number of IPs per user.
    unique_ips_limit_time_window int
    How many seconds an IP is counted towards the limit.
    usage_ping_enabled bool
    Every week GitLab reports license usage back to GitLab, Inc.
    user_deactivation_emails_enabled bool
    Send an email to users upon account deactivation.
    user_default_external bool
    Newly registered users are external by default.
    user_default_internal_regex str
    Specify an email address regex pattern to identify default internal users.
    user_oauth_applications bool
    Allow users to register any application to use GitLab as an OAuth provider.
    user_show_add_ssh_key_message bool
    When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
    version_check_enabled bool
    Let GitLab inform you when an update is available.
    web_ide_clientside_preview_enabled bool
    Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
    whats_new_variant str
    What’s new variant, possible values: alltiers, currenttier, and disabled.
    wiki_page_max_content_bytes int
    Maximum wiki page content size in bytes. The minimum value is 1024 bytes.
    abuseNotificationEmail String
    If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
    adminMode Boolean
    Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
    afterSignOutPath String
    Where to redirect users after logout.
    afterSignUpText String
    Text shown to the user after signing up.
    akismetApiKey String
    API key for Akismet spam protection.
    akismetEnabled Boolean
    (If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
    allowGroupOwnersToManageLdap Boolean
    Set to true to allow group owners to manage LDAP.
    allowLocalRequestsFromSystemHooks Boolean
    Allow requests to the local network from system hooks.
    allowLocalRequestsFromWebHooksAndServices Boolean
    Allow requests to the local network from web hooks and services.
    archiveBuildsInHumanReadable String
    Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
    assetProxyAllowlists List<String>
    Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
    assetProxyEnabled Boolean
    (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
    assetProxySecretKey String
    Shared secret with the asset proxy server. GitLab restart is required to apply changes.
    assetProxyUrl String
    URL of the asset proxy server. GitLab restart is required to apply changes.
    authorizedKeysEnabled Boolean
    By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
    autoDevopsDomain String
    Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
    autoDevopsEnabled Boolean
    Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
    automaticPurchasedStorageAllocation Boolean
    Enabling this permits automatic allocation of purchased storage in a namespace.
    canCreateGroup Boolean
    Indicates whether users can create top-level groups. Introduced in GitLab 15.5.
    checkNamespacePlan Boolean
    Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
    commitEmailHostname String
    Custom hostname (for private commit emails).
    containerExpirationPoliciesEnableHistoricEntries Boolean
    Enable cleanup policies for all projects.
    containerRegistryCleanupTagsServiceMaxListSize Number
    The maximum number of tags that can be deleted in a single execution of cleanup policies.
    containerRegistryDeleteTagsServiceTimeout Number
    The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
    containerRegistryExpirationPoliciesCaching Boolean
    Caching during the execution of cleanup policies.
    containerRegistryExpirationPoliciesWorkerCapacity Number
    Number of workers for cleanup policies.
    containerRegistryTokenExpireDelay Number
    Container Registry token duration in minutes.
    deactivateDormantUsers Boolean
    Enable automatic deactivation of dormant users.
    defaultArtifactsExpireIn String
    Set the default expiration time for each job’s artifacts.
    defaultBranchName String
    Instance-level custom initial branch name (introduced in GitLab 13.2).
    defaultBranchProtection Number
    Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
    defaultCiConfigPath String
    Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
    defaultGroupVisibility String
    What visibility level new groups receive. Can take private, internal and public as a parameter.
    defaultProjectCreation Number
    Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
    defaultProjectVisibility String
    What visibility level new projects receive. Can take private, internal and public as a parameter.
    defaultProjectsLimit Number
    Project limit per user.
    defaultSnippetVisibility String
    What visibility level new snippets receive. Can take private, internal and public as a parameter.
    deleteInactiveProjects Boolean
    Enable inactive project deletion feature. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion).
    deletionAdjournedPeriod Number
    The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90.
    diffMaxFiles Number
    Maximum files in a diff.
    diffMaxLines Number
    Maximum lines in a diff.
    diffMaxPatchBytes Number
    Maximum diff patch size, in bytes.
    disableFeedToken Boolean
    Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
    disabledOauthSignInSources List<String>
    Disabled OAuth sign-in sources.
    dnsRebindingProtectionEnabled Boolean
    Enforce DNS rebinding attack protection.
    domainAllowlists List<String>
    Force people to use only corporate emails for sign-up. Null means there is no restriction.
    domainDenylistEnabled Boolean
    (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
    domainDenylists List<String>
    Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
    dsaKeyRestriction Number
    The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys.
    ecdsaKeyRestriction Number
    The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys.
    ecdsaSkKeyRestriction Number
    The minimum allowed curve size (in bits) of an uploaded ECDSASK key. 0 means no restriction. -1 disables ECDSASK keys.
    ed25519KeyRestriction Number
    The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys.
    ed25519SkKeyRestriction Number
    The minimum allowed curve size (in bits) of an uploaded ED25519SK key. 0 means no restriction. -1 disables ED25519SK keys.
    eksAccessKeyId String
    AWS IAM access key ID.
    eksAccountId String
    Amazon account ID.
    eksIntegrationEnabled Boolean
    Enable integration with Amazon EKS.
    eksSecretAccessKey String
    AWS IAM secret access key.
    elasticsearchAws Boolean
    Enable the use of AWS hosted Elasticsearch.
    elasticsearchAwsAccessKey String
    AWS IAM access key.
    elasticsearchAwsRegion String
    The AWS region the Elasticsearch domain is configured.
    elasticsearchAwsSecretAccessKey String
    AWS IAM secret access key.
    elasticsearchIndexedFieldLengthLimit Number
    Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
    elasticsearchIndexedFileSizeLimitKb Number
    Maximum size of repository and wiki files that are indexed by Elasticsearch.
    elasticsearchIndexing Boolean
    Enable Elasticsearch indexing.
    elasticsearchLimitIndexing Boolean
    Limit Elasticsearch to index certain namespaces and projects.
    elasticsearchMaxBulkConcurrency Number
    Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
    elasticsearchMaxBulkSizeMb Number
    Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
    elasticsearchNamespaceIds List<Number>
    The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
    elasticsearchPassword String
    The password of your Elasticsearch instance.
    elasticsearchProjectIds List<Number>
    The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
    elasticsearchSearch Boolean
    Enable Elasticsearch search.
    elasticsearchUrls List<String>
    The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
    elasticsearchUsername String
    The username of your Elasticsearch instance.
    emailAdditionalText String
    Additional text added to the bottom of every email for legal/auditing/compliance reasons.
    emailAuthorInBody Boolean
    Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
    enabledGitAccessProtocol String
    Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
    enforceNamespaceStorageLimit Boolean
    Enabling this permits enforcement of namespace storage limits.
    enforceTerms Boolean
    (If enabled, requires: terms) Enforce application ToS to all users.
    externalAuthClientCert String
    (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
    externalAuthClientKey String
    Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
    externalAuthClientKeyPass String
    Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
    externalAuthorizationServiceDefaultLabel String
    The default classification label to use when requesting authorization and no classification label has been specified on the project.
    externalAuthorizationServiceEnabled Boolean
    (If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
    externalAuthorizationServiceTimeout Number
    The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
    externalAuthorizationServiceUrl String
    URL to which authorization requests are directed.
    externalPipelineValidationServiceTimeout Number
    How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
    externalPipelineValidationServiceToken String
    Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
    externalPipelineValidationServiceUrl String
    URL to use for pipeline validation requests.
    fileTemplateProjectId Number
    The ID of a project to load custom file templates from.
    firstDayOfWeek Number
    Start day of the week for calendar views and date pickers. Valid values are 0 for Sunday, 1 for Monday, and 6 for Saturday.
    geoNodeAllowedIps String
    Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
    geoStatusTimeout Number
    The amount of seconds after which a request to get a secondary node status times out.
    gitRateLimitUsersAllowlists List<String>
    List of usernames excluded from Git anti-abuse rate limits. Maximum: 100 usernames. Introduced in GitLab 15.2.
    gitTwoFactorSessionExpiry Number
    Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
    gitalyTimeoutDefault Number
    Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
    gitalyTimeoutFast Number
    Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
    gitalyTimeoutMedium Number
    Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
    grafanaEnabled Boolean
    Enable Grafana.
    grafanaUrl String
    Grafana URL.
    gravatarEnabled Boolean
    Enable Gravatar.
    groupOwnersCanManageDefaultBranchProtection Boolean
    Prevent overrides of default branch protection.
    hashedStorageEnabled Boolean
    Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
    helpPageHideCommercialContent Boolean
    Hide marketing-related entries from help.
    helpPageSupportUrl String
    Alternate support URL for help page and help dropdown.
    helpPageText String
    Custom text displayed on the help page.
    helpText String
    GitLab server administrator information.
    hideThirdPartyOffers Boolean
    Do not display offers from third parties in GitLab.
    homePageUrl String
    Redirect to this URL when not logged in.
    housekeepingEnabled Boolean
    Enable or disable Git housekeeping. If enabled, requires either housekeepingoptimizerepositoryperiod OR housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod. Options housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod are deprecated. Use housekeepingoptimizerepositoryperiod instead.
    housekeepingFullRepackPeriod Number
    Number of Git pushes after which an incremental git repack is run.

    Deprecated:housekeeping_full_repack_period is deprecated. Use housekeeping_optimize_repository_period instead.

    housekeepingGcPeriod Number
    Number of Git pushes after which git gc is run.

    Deprecated:housekeeping_gc_period is deprecated. Use housekeeping_optimize_repository_period instead.

    housekeepingIncrementalRepackPeriod Number
    Number of Git pushes after which an incremental git repack is run.

    Deprecated:housekeeping_incremental_repack_period is deprecated. Use housekeeping_optimize_repository_period instead.

    housekeepingOptimizeRepositoryPeriod Number
    Number of Git pushes after which an incremental git repack is run.
    htmlEmailsEnabled Boolean
    Enable HTML emails.
    importSources List<String>
    Sources to allow project import from. Valid values are: github, bitbucket, bitbucket_server, fogbugz, git, gitlab.Project, gitea, manifest
    inProductMarketingEmailsEnabled Boolean
    Enable in-product marketing emails.
    inactiveProjectsDeleteAfterMonths Number
    If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    inactiveProjectsMinSizeMb Number
    If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    inactiveProjectsSendWarningEmailAfterMonths Number
    If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    invisibleCaptchaEnabled Boolean
    Enable Invisible CAPTCHA spam detection during sign-up.
    issuesCreateLimit Number
    Max number of issue creation requests per minute per user.
    keepLatestArtifact Boolean
    Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
    localMarkdownVersion Number
    Increase this value when any cached Markdown should be invalidated.
    mailgunEventsEnabled Boolean
    Enable Mailgun event receiver.
    mailgunSigningKey String
    The Mailgun HTTP webhook signing key for receiving events from webhook.
    maintenanceMode Boolean
    When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
    maintenanceModeMessage String
    Message displayed when instance is in maintenance mode.
    maxArtifactsSize Number
    Maximum artifacts size in MB.
    maxAttachmentSize Number
    Limit attachment size in MB.
    maxExportSize Number
    Maximum export size in MB. 0 for unlimited.
    maxImportSize Number
    Maximum import size in MB. 0 for unlimited.
    maxNumberOfRepositoryDownloads Number
    Maximum number of unique repositories a user can download in the specified time period before they are banned. Maximum: 10,000 repositories. Introduced in GitLab 15.1.
    maxNumberOfRepositoryDownloadsWithinTimePeriod Number
    Reporting time period (in seconds). Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
    maxPagesSize Number
    Maximum size of pages repositories in MB.
    maxPersonalAccessTokenLifetime Number
    Maximum allowable lifetime for access tokens in days.
    maxSshKeyLifetime Number
    Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
    metricsMethodCallThreshold Number
    A method call is only tracked when it takes longer than the given amount of milliseconds.
    mirrorAvailable Boolean
    Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
    mirrorCapacityThreshold Number
    Minimum capacity to be available before scheduling more mirrors preemptively.
    mirrorMaxCapacity Number
    Maximum number of mirrors that can be synchronizing at the same time.
    mirrorMaxDelay Number
    Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
    npmPackageRequestsForwarding Boolean
    Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
    outboundLocalRequestsWhitelists List<String>
    Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
    packageRegistryCleanupPoliciesWorkerCapacity Number
    Number of workers assigned to the packages cleanup policies.
    pagesDomainVerificationEnabled Boolean
    Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
    passwordAuthenticationEnabledForGit Boolean
    Enable authentication for Git over HTTP(S) via a GitLab account password.
    passwordAuthenticationEnabledForWeb Boolean
    Enable authentication for the web interface via a GitLab account password.
    passwordLowercaseRequired Boolean
    Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
    passwordNumberRequired Boolean
    Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
    passwordSymbolRequired Boolean
    Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
    passwordUppercaseRequired Boolean
    Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
    performanceBarAllowedGroupPath String
    Path of the group that is allowed to toggle the performance bar.
    personalAccessTokenPrefix String
    Prefix for all generated personal access tokens.
    pipelineLimitPerProjectUserSha Number
    Maximum number of pipeline creation requests per minute per user and commit.
    plantumlEnabled Boolean
    (If enabled, requires: plantuml_url) Enable PlantUML integration.
    plantumlUrl String
    The PlantUML instance URL for integration.
    pollingIntervalMultiplier Number
    Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
    projectExportEnabled Boolean
    Enable project export.
    prometheusMetricsEnabled Boolean
    Enable Prometheus metrics.
    protectedCiVariables Boolean
    CI/CD variables are protected by default.
    pushEventActivitiesLimit Number
    Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
    pushEventHooksLimit Number
    Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
    pypiPackageRequestsForwarding Boolean
    Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
    rateLimitingResponseText String
    When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
    rawBlobRequestLimit Number
    Max number of requests per minute for each raw path. To disable throttling set to 0.
    recaptchaEnabled Boolean
    (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
    recaptchaPrivateKey String
    Private key for reCAPTCHA.
    recaptchaSiteKey String
    Site key for reCAPTCHA.
    receiveMaxInputSize Number
    Maximum push size (MB).
    repositoryChecksEnabled Boolean
    GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
    repositorySizeLimit Number
    Size limit per repository (MB).
    repositoryStorages List<String>
    (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
    repositoryStoragesWeighted Map<Number>
    (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
    requireAdminApprovalAfterUserSignup Boolean
    When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
    requireTwoFactorAuthentication Boolean
    (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
    restrictedVisibilityLevels List<String>
    Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Null means there is no restriction.
    rsaKeyRestriction Number
    The minimum allowed bit length of an uploaded RSA key. 0 means no restriction. -1 disables RSA keys.
    searchRateLimit Number
    Max number of requests per minute for performing a search while authenticated. To disable throttling set to 0.
    searchRateLimitUnauthenticated Number
    Max number of requests per minute for performing a search while unauthenticated. To disable throttling set to 0.
    sendUserConfirmationEmail Boolean
    Send confirmation email on sign-up.
    sessionExpireDelay Number
    Session duration in minutes. GitLab restart is required to apply changes.
    sharedRunnersEnabled Boolean
    (If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
    sharedRunnersMinutes Number
    Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
    sharedRunnersText String
    Shared runners text.
    sidekiqJobLimiterCompressionThresholdBytes Number
    The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis.
    sidekiqJobLimiterLimitBytes Number
    The threshold in bytes at which Sidekiq jobs are rejected. 0 means do not reject any job.
    sidekiqJobLimiterMode String
    track or compress. Sets the behavior for Sidekiq job size limits.
    signInText String
    Text on the login page.
    signupEnabled Boolean
    Enable registration.
    slackAppEnabled Boolean
    (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
    slackAppId String
    The app ID of the Slack-app.
    slackAppSecret String
    The app secret of the Slack-app.
    slackAppSigningSecret String
    The signing secret of the Slack-app.
    slackAppVerificationToken String
    The verification token of the Slack-app.
    snippetSizeLimit Number
    Max snippet content size in bytes.
    snowplowAppId String
    The Snowplow site name / application ID. (for example, gitlab)
    snowplowCollectorHostname String
    The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
    snowplowCookieDomain String
    The Snowplow cookie domain. (for example, .gitlab.com)
    snowplowEnabled Boolean
    Enable snowplow tracking.
    sourcegraphEnabled Boolean
    Enables Sourcegraph integration. If enabled, requires sourcegraph_url.
    sourcegraphPublicOnly Boolean
    Blocks Sourcegraph from being loaded on private and internal projects.
    sourcegraphUrl String
    The Sourcegraph instance URL for integration.
    spamCheckApiKey String
    API key used by GitLab for accessing the Spam Check service endpoint.
    spamCheckEndpointEnabled Boolean
    Enables spam checking using external Spam Check API endpoint.
    spamCheckEndpointUrl String
    URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
    suggestPipelineEnabled Boolean
    Enable pipeline suggestion banner.
    terminalMaxSessionTime Number
    Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
    terms String
    (Required by: enforce_terms) Markdown content for the ToS.
    throttleAuthenticatedApiEnabled Boolean
    (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttleAuthenticatedApiPeriodInSeconds Number
    Rate limit period (in seconds).
    throttleAuthenticatedApiRequestsPerPeriod Number
    Maximum requests per period per user.
    throttleAuthenticatedPackagesApiEnabled Boolean
    (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
    throttleAuthenticatedPackagesApiPeriodInSeconds Number
    Rate limit period (in seconds). View Package Registry rate limits for more details.
    throttleAuthenticatedPackagesApiRequestsPerPeriod Number
    Maximum requests per period per user. View Package Registry rate limits for more details.
    throttleAuthenticatedWebEnabled Boolean
    (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttleAuthenticatedWebPeriodInSeconds Number
    Rate limit period (in seconds).
    throttleAuthenticatedWebRequestsPerPeriod Number
    Maximum requests per period per user.
    throttleUnauthenticatedApiEnabled Boolean
    (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttleUnauthenticatedApiPeriodInSeconds Number
    Rate limit period in seconds.
    throttleUnauthenticatedApiRequestsPerPeriod Number
    Max requests per period per IP.
    throttleUnauthenticatedPackagesApiEnabled Boolean
    (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
    throttleUnauthenticatedPackagesApiPeriodInSeconds Number
    Rate limit period (in seconds). View Package Registry rate limits for more details.
    throttleUnauthenticatedPackagesApiRequestsPerPeriod Number
    Maximum requests per period per user. View Package Registry rate limits for more details.
    throttleUnauthenticatedWebEnabled Boolean
    (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttleUnauthenticatedWebPeriodInSeconds Number
    Rate limit period in seconds.
    throttleUnauthenticatedWebRequestsPerPeriod Number
    Max requests per period per IP.
    timeTrackingLimitToHours Boolean
    Limit display of time tracking units to hours.
    twoFactorGracePeriod Number
    Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
    uniqueIpsLimitEnabled Boolean
    (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
    uniqueIpsLimitPerUser Number
    Maximum number of IPs per user.
    uniqueIpsLimitTimeWindow Number
    How many seconds an IP is counted towards the limit.
    usagePingEnabled Boolean
    Every week GitLab reports license usage back to GitLab, Inc.
    userDeactivationEmailsEnabled Boolean
    Send an email to users upon account deactivation.
    userDefaultExternal Boolean
    Newly registered users are external by default.
    userDefaultInternalRegex String
    Specify an email address regex pattern to identify default internal users.
    userOauthApplications Boolean
    Allow users to register any application to use GitLab as an OAuth provider.
    userShowAddSshKeyMessage Boolean
    When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
    versionCheckEnabled Boolean
    Let GitLab inform you when an update is available.
    webIdeClientsidePreviewEnabled Boolean
    Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
    whatsNewVariant String
    What’s new variant, possible values: alltiers, currenttier, and disabled.
    wikiPageMaxContentBytes Number
    Maximum wiki page content size in bytes. The minimum value is 1024 bytes.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ApplicationSettings resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing ApplicationSettings Resource

    Get an existing ApplicationSettings resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ApplicationSettingsState, opts?: CustomResourceOptions): ApplicationSettings
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            abuse_notification_email: Optional[str] = None,
            admin_mode: Optional[bool] = None,
            after_sign_out_path: Optional[str] = None,
            after_sign_up_text: Optional[str] = None,
            akismet_api_key: Optional[str] = None,
            akismet_enabled: Optional[bool] = None,
            allow_group_owners_to_manage_ldap: Optional[bool] = None,
            allow_local_requests_from_system_hooks: Optional[bool] = None,
            allow_local_requests_from_web_hooks_and_services: Optional[bool] = None,
            archive_builds_in_human_readable: Optional[str] = None,
            asset_proxy_allowlists: Optional[Sequence[str]] = None,
            asset_proxy_enabled: Optional[bool] = None,
            asset_proxy_secret_key: Optional[str] = None,
            asset_proxy_url: Optional[str] = None,
            authorized_keys_enabled: Optional[bool] = None,
            auto_devops_domain: Optional[str] = None,
            auto_devops_enabled: Optional[bool] = None,
            automatic_purchased_storage_allocation: Optional[bool] = None,
            can_create_group: Optional[bool] = None,
            check_namespace_plan: Optional[bool] = None,
            commit_email_hostname: Optional[str] = None,
            container_expiration_policies_enable_historic_entries: Optional[bool] = None,
            container_registry_cleanup_tags_service_max_list_size: Optional[int] = None,
            container_registry_delete_tags_service_timeout: Optional[int] = None,
            container_registry_expiration_policies_caching: Optional[bool] = None,
            container_registry_expiration_policies_worker_capacity: Optional[int] = None,
            container_registry_token_expire_delay: Optional[int] = None,
            deactivate_dormant_users: Optional[bool] = None,
            default_artifacts_expire_in: Optional[str] = None,
            default_branch_name: Optional[str] = None,
            default_branch_protection: Optional[int] = None,
            default_ci_config_path: Optional[str] = None,
            default_group_visibility: Optional[str] = None,
            default_project_creation: Optional[int] = None,
            default_project_visibility: Optional[str] = None,
            default_projects_limit: Optional[int] = None,
            default_snippet_visibility: Optional[str] = None,
            delete_inactive_projects: Optional[bool] = None,
            deletion_adjourned_period: Optional[int] = None,
            diff_max_files: Optional[int] = None,
            diff_max_lines: Optional[int] = None,
            diff_max_patch_bytes: Optional[int] = None,
            disable_feed_token: Optional[bool] = None,
            disabled_oauth_sign_in_sources: Optional[Sequence[str]] = None,
            dns_rebinding_protection_enabled: Optional[bool] = None,
            domain_allowlists: Optional[Sequence[str]] = None,
            domain_denylist_enabled: Optional[bool] = None,
            domain_denylists: Optional[Sequence[str]] = None,
            dsa_key_restriction: Optional[int] = None,
            ecdsa_key_restriction: Optional[int] = None,
            ecdsa_sk_key_restriction: Optional[int] = None,
            ed25519_key_restriction: Optional[int] = None,
            ed25519_sk_key_restriction: Optional[int] = None,
            eks_access_key_id: Optional[str] = None,
            eks_account_id: Optional[str] = None,
            eks_integration_enabled: Optional[bool] = None,
            eks_secret_access_key: Optional[str] = None,
            elasticsearch_aws: Optional[bool] = None,
            elasticsearch_aws_access_key: Optional[str] = None,
            elasticsearch_aws_region: Optional[str] = None,
            elasticsearch_aws_secret_access_key: Optional[str] = None,
            elasticsearch_indexed_field_length_limit: Optional[int] = None,
            elasticsearch_indexed_file_size_limit_kb: Optional[int] = None,
            elasticsearch_indexing: Optional[bool] = None,
            elasticsearch_limit_indexing: Optional[bool] = None,
            elasticsearch_max_bulk_concurrency: Optional[int] = None,
            elasticsearch_max_bulk_size_mb: Optional[int] = None,
            elasticsearch_namespace_ids: Optional[Sequence[int]] = None,
            elasticsearch_password: Optional[str] = None,
            elasticsearch_project_ids: Optional[Sequence[int]] = None,
            elasticsearch_search: Optional[bool] = None,
            elasticsearch_urls: Optional[Sequence[str]] = None,
            elasticsearch_username: Optional[str] = None,
            email_additional_text: Optional[str] = None,
            email_author_in_body: Optional[bool] = None,
            enabled_git_access_protocol: Optional[str] = None,
            enforce_namespace_storage_limit: Optional[bool] = None,
            enforce_terms: Optional[bool] = None,
            external_auth_client_cert: Optional[str] = None,
            external_auth_client_key: Optional[str] = None,
            external_auth_client_key_pass: Optional[str] = None,
            external_authorization_service_default_label: Optional[str] = None,
            external_authorization_service_enabled: Optional[bool] = None,
            external_authorization_service_timeout: Optional[float] = None,
            external_authorization_service_url: Optional[str] = None,
            external_pipeline_validation_service_timeout: Optional[int] = None,
            external_pipeline_validation_service_token: Optional[str] = None,
            external_pipeline_validation_service_url: Optional[str] = None,
            file_template_project_id: Optional[int] = None,
            first_day_of_week: Optional[int] = None,
            geo_node_allowed_ips: Optional[str] = None,
            geo_status_timeout: Optional[int] = None,
            git_rate_limit_users_allowlists: Optional[Sequence[str]] = None,
            git_two_factor_session_expiry: Optional[int] = None,
            gitaly_timeout_default: Optional[int] = None,
            gitaly_timeout_fast: Optional[int] = None,
            gitaly_timeout_medium: Optional[int] = None,
            grafana_enabled: Optional[bool] = None,
            grafana_url: Optional[str] = None,
            gravatar_enabled: Optional[bool] = None,
            group_owners_can_manage_default_branch_protection: Optional[bool] = None,
            hashed_storage_enabled: Optional[bool] = None,
            help_page_hide_commercial_content: Optional[bool] = None,
            help_page_support_url: Optional[str] = None,
            help_page_text: Optional[str] = None,
            help_text: Optional[str] = None,
            hide_third_party_offers: Optional[bool] = None,
            home_page_url: Optional[str] = None,
            housekeeping_enabled: Optional[bool] = None,
            housekeeping_full_repack_period: Optional[int] = None,
            housekeeping_gc_period: Optional[int] = None,
            housekeeping_incremental_repack_period: Optional[int] = None,
            housekeeping_optimize_repository_period: Optional[int] = None,
            html_emails_enabled: Optional[bool] = None,
            import_sources: Optional[Sequence[str]] = None,
            in_product_marketing_emails_enabled: Optional[bool] = None,
            inactive_projects_delete_after_months: Optional[int] = None,
            inactive_projects_min_size_mb: Optional[int] = None,
            inactive_projects_send_warning_email_after_months: Optional[int] = None,
            invisible_captcha_enabled: Optional[bool] = None,
            issues_create_limit: Optional[int] = None,
            keep_latest_artifact: Optional[bool] = None,
            local_markdown_version: Optional[int] = None,
            mailgun_events_enabled: Optional[bool] = None,
            mailgun_signing_key: Optional[str] = None,
            maintenance_mode: Optional[bool] = None,
            maintenance_mode_message: Optional[str] = None,
            max_artifacts_size: Optional[int] = None,
            max_attachment_size: Optional[int] = None,
            max_export_size: Optional[int] = None,
            max_import_size: Optional[int] = None,
            max_number_of_repository_downloads: Optional[int] = None,
            max_number_of_repository_downloads_within_time_period: Optional[int] = None,
            max_pages_size: Optional[int] = None,
            max_personal_access_token_lifetime: Optional[int] = None,
            max_ssh_key_lifetime: Optional[int] = None,
            metrics_method_call_threshold: Optional[int] = None,
            mirror_available: Optional[bool] = None,
            mirror_capacity_threshold: Optional[int] = None,
            mirror_max_capacity: Optional[int] = None,
            mirror_max_delay: Optional[int] = None,
            npm_package_requests_forwarding: Optional[bool] = None,
            outbound_local_requests_whitelists: Optional[Sequence[str]] = None,
            package_registry_cleanup_policies_worker_capacity: Optional[int] = None,
            pages_domain_verification_enabled: Optional[bool] = None,
            password_authentication_enabled_for_git: Optional[bool] = None,
            password_authentication_enabled_for_web: Optional[bool] = None,
            password_lowercase_required: Optional[bool] = None,
            password_number_required: Optional[bool] = None,
            password_symbol_required: Optional[bool] = None,
            password_uppercase_required: Optional[bool] = None,
            performance_bar_allowed_group_path: Optional[str] = None,
            personal_access_token_prefix: Optional[str] = None,
            pipeline_limit_per_project_user_sha: Optional[int] = None,
            plantuml_enabled: Optional[bool] = None,
            plantuml_url: Optional[str] = None,
            polling_interval_multiplier: Optional[float] = None,
            project_export_enabled: Optional[bool] = None,
            prometheus_metrics_enabled: Optional[bool] = None,
            protected_ci_variables: Optional[bool] = None,
            push_event_activities_limit: Optional[int] = None,
            push_event_hooks_limit: Optional[int] = None,
            pypi_package_requests_forwarding: Optional[bool] = None,
            rate_limiting_response_text: Optional[str] = None,
            raw_blob_request_limit: Optional[int] = None,
            recaptcha_enabled: Optional[bool] = None,
            recaptcha_private_key: Optional[str] = None,
            recaptcha_site_key: Optional[str] = None,
            receive_max_input_size: Optional[int] = None,
            repository_checks_enabled: Optional[bool] = None,
            repository_size_limit: Optional[int] = None,
            repository_storages: Optional[Sequence[str]] = None,
            repository_storages_weighted: Optional[Mapping[str, int]] = None,
            require_admin_approval_after_user_signup: Optional[bool] = None,
            require_two_factor_authentication: Optional[bool] = None,
            restricted_visibility_levels: Optional[Sequence[str]] = None,
            rsa_key_restriction: Optional[int] = None,
            search_rate_limit: Optional[int] = None,
            search_rate_limit_unauthenticated: Optional[int] = None,
            send_user_confirmation_email: Optional[bool] = None,
            session_expire_delay: Optional[int] = None,
            shared_runners_enabled: Optional[bool] = None,
            shared_runners_minutes: Optional[int] = None,
            shared_runners_text: Optional[str] = None,
            sidekiq_job_limiter_compression_threshold_bytes: Optional[int] = None,
            sidekiq_job_limiter_limit_bytes: Optional[int] = None,
            sidekiq_job_limiter_mode: Optional[str] = None,
            sign_in_text: Optional[str] = None,
            signup_enabled: Optional[bool] = None,
            slack_app_enabled: Optional[bool] = None,
            slack_app_id: Optional[str] = None,
            slack_app_secret: Optional[str] = None,
            slack_app_signing_secret: Optional[str] = None,
            slack_app_verification_token: Optional[str] = None,
            snippet_size_limit: Optional[int] = None,
            snowplow_app_id: Optional[str] = None,
            snowplow_collector_hostname: Optional[str] = None,
            snowplow_cookie_domain: Optional[str] = None,
            snowplow_enabled: Optional[bool] = None,
            sourcegraph_enabled: Optional[bool] = None,
            sourcegraph_public_only: Optional[bool] = None,
            sourcegraph_url: Optional[str] = None,
            spam_check_api_key: Optional[str] = None,
            spam_check_endpoint_enabled: Optional[bool] = None,
            spam_check_endpoint_url: Optional[str] = None,
            suggest_pipeline_enabled: Optional[bool] = None,
            terminal_max_session_time: Optional[int] = None,
            terms: Optional[str] = None,
            throttle_authenticated_api_enabled: Optional[bool] = None,
            throttle_authenticated_api_period_in_seconds: Optional[int] = None,
            throttle_authenticated_api_requests_per_period: Optional[int] = None,
            throttle_authenticated_packages_api_enabled: Optional[bool] = None,
            throttle_authenticated_packages_api_period_in_seconds: Optional[int] = None,
            throttle_authenticated_packages_api_requests_per_period: Optional[int] = None,
            throttle_authenticated_web_enabled: Optional[bool] = None,
            throttle_authenticated_web_period_in_seconds: Optional[int] = None,
            throttle_authenticated_web_requests_per_period: Optional[int] = None,
            throttle_unauthenticated_api_enabled: Optional[bool] = None,
            throttle_unauthenticated_api_period_in_seconds: Optional[int] = None,
            throttle_unauthenticated_api_requests_per_period: Optional[int] = None,
            throttle_unauthenticated_packages_api_enabled: Optional[bool] = None,
            throttle_unauthenticated_packages_api_period_in_seconds: Optional[int] = None,
            throttle_unauthenticated_packages_api_requests_per_period: Optional[int] = None,
            throttle_unauthenticated_web_enabled: Optional[bool] = None,
            throttle_unauthenticated_web_period_in_seconds: Optional[int] = None,
            throttle_unauthenticated_web_requests_per_period: Optional[int] = None,
            time_tracking_limit_to_hours: Optional[bool] = None,
            two_factor_grace_period: Optional[int] = None,
            unique_ips_limit_enabled: Optional[bool] = None,
            unique_ips_limit_per_user: Optional[int] = None,
            unique_ips_limit_time_window: Optional[int] = None,
            usage_ping_enabled: Optional[bool] = None,
            user_deactivation_emails_enabled: Optional[bool] = None,
            user_default_external: Optional[bool] = None,
            user_default_internal_regex: Optional[str] = None,
            user_oauth_applications: Optional[bool] = None,
            user_show_add_ssh_key_message: Optional[bool] = None,
            version_check_enabled: Optional[bool] = None,
            web_ide_clientside_preview_enabled: Optional[bool] = None,
            whats_new_variant: Optional[str] = None,
            wiki_page_max_content_bytes: Optional[int] = None) -> ApplicationSettings
    func GetApplicationSettings(ctx *Context, name string, id IDInput, state *ApplicationSettingsState, opts ...ResourceOption) (*ApplicationSettings, error)
    public static ApplicationSettings Get(string name, Input<string> id, ApplicationSettingsState? state, CustomResourceOptions? opts = null)
    public static ApplicationSettings get(String name, Output<String> id, ApplicationSettingsState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AbuseNotificationEmail string
    If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
    AdminMode bool
    Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
    AfterSignOutPath string
    Where to redirect users after logout.
    AfterSignUpText string
    Text shown to the user after signing up.
    AkismetApiKey string
    API key for Akismet spam protection.
    AkismetEnabled bool
    (If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
    AllowGroupOwnersToManageLdap bool
    Set to true to allow group owners to manage LDAP.
    AllowLocalRequestsFromSystemHooks bool
    Allow requests to the local network from system hooks.
    AllowLocalRequestsFromWebHooksAndServices bool
    Allow requests to the local network from web hooks and services.
    ArchiveBuildsInHumanReadable string
    Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
    AssetProxyAllowlists List<string>
    Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
    AssetProxyEnabled bool
    (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
    AssetProxySecretKey string
    Shared secret with the asset proxy server. GitLab restart is required to apply changes.
    AssetProxyUrl string
    URL of the asset proxy server. GitLab restart is required to apply changes.
    AuthorizedKeysEnabled bool
    By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
    AutoDevopsDomain string
    Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
    AutoDevopsEnabled bool
    Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
    AutomaticPurchasedStorageAllocation bool
    Enabling this permits automatic allocation of purchased storage in a namespace.
    CanCreateGroup bool
    Indicates whether users can create top-level groups. Introduced in GitLab 15.5.
    CheckNamespacePlan bool
    Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
    CommitEmailHostname string
    Custom hostname (for private commit emails).
    ContainerExpirationPoliciesEnableHistoricEntries bool
    Enable cleanup policies for all projects.
    ContainerRegistryCleanupTagsServiceMaxListSize int
    The maximum number of tags that can be deleted in a single execution of cleanup policies.
    ContainerRegistryDeleteTagsServiceTimeout int
    The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
    ContainerRegistryExpirationPoliciesCaching bool
    Caching during the execution of cleanup policies.
    ContainerRegistryExpirationPoliciesWorkerCapacity int
    Number of workers for cleanup policies.
    ContainerRegistryTokenExpireDelay int
    Container Registry token duration in minutes.
    DeactivateDormantUsers bool
    Enable automatic deactivation of dormant users.
    DefaultArtifactsExpireIn string
    Set the default expiration time for each job’s artifacts.
    DefaultBranchName string
    Instance-level custom initial branch name (introduced in GitLab 13.2).
    DefaultBranchProtection int
    Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
    DefaultCiConfigPath string
    Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
    DefaultGroupVisibility string
    What visibility level new groups receive. Can take private, internal and public as a parameter.
    DefaultProjectCreation int
    Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
    DefaultProjectVisibility string
    What visibility level new projects receive. Can take private, internal and public as a parameter.
    DefaultProjectsLimit int
    Project limit per user.
    DefaultSnippetVisibility string
    What visibility level new snippets receive. Can take private, internal and public as a parameter.
    DeleteInactiveProjects bool
    Enable inactive project deletion feature. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion).
    DeletionAdjournedPeriod int
    The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90.
    DiffMaxFiles int
    Maximum files in a diff.
    DiffMaxLines int
    Maximum lines in a diff.
    DiffMaxPatchBytes int
    Maximum diff patch size, in bytes.
    DisableFeedToken bool
    Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
    DisabledOauthSignInSources List<string>
    Disabled OAuth sign-in sources.
    DnsRebindingProtectionEnabled bool
    Enforce DNS rebinding attack protection.
    DomainAllowlists List<string>
    Force people to use only corporate emails for sign-up. Null means there is no restriction.
    DomainDenylistEnabled bool
    (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
    DomainDenylists List<string>
    Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
    DsaKeyRestriction int
    The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys.
    EcdsaKeyRestriction int
    The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys.
    EcdsaSkKeyRestriction int
    The minimum allowed curve size (in bits) of an uploaded ECDSASK key. 0 means no restriction. -1 disables ECDSASK keys.
    Ed25519KeyRestriction int
    The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys.
    Ed25519SkKeyRestriction int
    The minimum allowed curve size (in bits) of an uploaded ED25519SK key. 0 means no restriction. -1 disables ED25519SK keys.
    EksAccessKeyId string
    AWS IAM access key ID.
    EksAccountId string
    Amazon account ID.
    EksIntegrationEnabled bool
    Enable integration with Amazon EKS.
    EksSecretAccessKey string
    AWS IAM secret access key.
    ElasticsearchAws bool
    Enable the use of AWS hosted Elasticsearch.
    ElasticsearchAwsAccessKey string
    AWS IAM access key.
    ElasticsearchAwsRegion string
    The AWS region the Elasticsearch domain is configured.
    ElasticsearchAwsSecretAccessKey string
    AWS IAM secret access key.
    ElasticsearchIndexedFieldLengthLimit int
    Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
    ElasticsearchIndexedFileSizeLimitKb int
    Maximum size of repository and wiki files that are indexed by Elasticsearch.
    ElasticsearchIndexing bool
    Enable Elasticsearch indexing.
    ElasticsearchLimitIndexing bool
    Limit Elasticsearch to index certain namespaces and projects.
    ElasticsearchMaxBulkConcurrency int
    Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
    ElasticsearchMaxBulkSizeMb int
    Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
    ElasticsearchNamespaceIds List<int>
    The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
    ElasticsearchPassword string
    The password of your Elasticsearch instance.
    ElasticsearchProjectIds List<int>
    The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
    ElasticsearchSearch bool
    Enable Elasticsearch search.
    ElasticsearchUrls List<string>
    The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
    ElasticsearchUsername string
    The username of your Elasticsearch instance.
    EmailAdditionalText string
    Additional text added to the bottom of every email for legal/auditing/compliance reasons.
    EmailAuthorInBody bool
    Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
    EnabledGitAccessProtocol string
    Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
    EnforceNamespaceStorageLimit bool
    Enabling this permits enforcement of namespace storage limits.
    EnforceTerms bool
    (If enabled, requires: terms) Enforce application ToS to all users.
    ExternalAuthClientCert string
    (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
    ExternalAuthClientKey string
    Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
    ExternalAuthClientKeyPass string
    Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
    ExternalAuthorizationServiceDefaultLabel string
    The default classification label to use when requesting authorization and no classification label has been specified on the project.
    ExternalAuthorizationServiceEnabled bool
    (If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
    ExternalAuthorizationServiceTimeout double
    The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
    ExternalAuthorizationServiceUrl string
    URL to which authorization requests are directed.
    ExternalPipelineValidationServiceTimeout int
    How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
    ExternalPipelineValidationServiceToken string
    Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
    ExternalPipelineValidationServiceUrl string
    URL to use for pipeline validation requests.
    FileTemplateProjectId int
    The ID of a project to load custom file templates from.
    FirstDayOfWeek int
    Start day of the week for calendar views and date pickers. Valid values are 0 for Sunday, 1 for Monday, and 6 for Saturday.
    GeoNodeAllowedIps string
    Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
    GeoStatusTimeout int
    The amount of seconds after which a request to get a secondary node status times out.
    GitRateLimitUsersAllowlists List<string>
    List of usernames excluded from Git anti-abuse rate limits. Maximum: 100 usernames. Introduced in GitLab 15.2.
    GitTwoFactorSessionExpiry int
    Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
    GitalyTimeoutDefault int
    Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
    GitalyTimeoutFast int
    Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
    GitalyTimeoutMedium int
    Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
    GrafanaEnabled bool
    Enable Grafana.
    GrafanaUrl string
    Grafana URL.
    GravatarEnabled bool
    Enable Gravatar.
    GroupOwnersCanManageDefaultBranchProtection bool
    Prevent overrides of default branch protection.
    HashedStorageEnabled bool
    Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
    HelpPageHideCommercialContent bool
    Hide marketing-related entries from help.
    HelpPageSupportUrl string
    Alternate support URL for help page and help dropdown.
    HelpPageText string
    Custom text displayed on the help page.
    HelpText string
    GitLab server administrator information.
    HideThirdPartyOffers bool
    Do not display offers from third parties in GitLab.
    HomePageUrl string
    Redirect to this URL when not logged in.
    HousekeepingEnabled bool
    Enable or disable Git housekeeping. If enabled, requires either housekeepingoptimizerepositoryperiod OR housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod. Options housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod are deprecated. Use housekeepingoptimizerepositoryperiod instead.
    HousekeepingFullRepackPeriod int
    Number of Git pushes after which an incremental git repack is run.

    Deprecated:housekeeping_full_repack_period is deprecated. Use housekeeping_optimize_repository_period instead.

    HousekeepingGcPeriod int
    Number of Git pushes after which git gc is run.

    Deprecated:housekeeping_gc_period is deprecated. Use housekeeping_optimize_repository_period instead.

    HousekeepingIncrementalRepackPeriod int
    Number of Git pushes after which an incremental git repack is run.

    Deprecated:housekeeping_incremental_repack_period is deprecated. Use housekeeping_optimize_repository_period instead.

    HousekeepingOptimizeRepositoryPeriod int
    Number of Git pushes after which an incremental git repack is run.
    HtmlEmailsEnabled bool
    Enable HTML emails.
    ImportSources List<string>
    Sources to allow project import from. Valid values are: github, bitbucket, bitbucket_server, fogbugz, git, gitlab.Project, gitea, manifest
    InProductMarketingEmailsEnabled bool
    Enable in-product marketing emails.
    InactiveProjectsDeleteAfterMonths int
    If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    InactiveProjectsMinSizeMb int
    If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    InactiveProjectsSendWarningEmailAfterMonths int
    If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    InvisibleCaptchaEnabled bool
    Enable Invisible CAPTCHA spam detection during sign-up.
    IssuesCreateLimit int
    Max number of issue creation requests per minute per user.
    KeepLatestArtifact bool
    Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
    LocalMarkdownVersion int
    Increase this value when any cached Markdown should be invalidated.
    MailgunEventsEnabled bool
    Enable Mailgun event receiver.
    MailgunSigningKey string
    The Mailgun HTTP webhook signing key for receiving events from webhook.
    MaintenanceMode bool
    When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
    MaintenanceModeMessage string
    Message displayed when instance is in maintenance mode.
    MaxArtifactsSize int
    Maximum artifacts size in MB.
    MaxAttachmentSize int
    Limit attachment size in MB.
    MaxExportSize int
    Maximum export size in MB. 0 for unlimited.
    MaxImportSize int
    Maximum import size in MB. 0 for unlimited.
    MaxNumberOfRepositoryDownloads int
    Maximum number of unique repositories a user can download in the specified time period before they are banned. Maximum: 10,000 repositories. Introduced in GitLab 15.1.
    MaxNumberOfRepositoryDownloadsWithinTimePeriod int
    Reporting time period (in seconds). Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
    MaxPagesSize int
    Maximum size of pages repositories in MB.
    MaxPersonalAccessTokenLifetime int
    Maximum allowable lifetime for access tokens in days.
    MaxSshKeyLifetime int
    Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
    MetricsMethodCallThreshold int
    A method call is only tracked when it takes longer than the given amount of milliseconds.
    MirrorAvailable bool
    Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
    MirrorCapacityThreshold int
    Minimum capacity to be available before scheduling more mirrors preemptively.
    MirrorMaxCapacity int
    Maximum number of mirrors that can be synchronizing at the same time.
    MirrorMaxDelay int
    Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
    NpmPackageRequestsForwarding bool
    Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
    OutboundLocalRequestsWhitelists List<string>
    Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
    PackageRegistryCleanupPoliciesWorkerCapacity int
    Number of workers assigned to the packages cleanup policies.
    PagesDomainVerificationEnabled bool
    Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
    PasswordAuthenticationEnabledForGit bool
    Enable authentication for Git over HTTP(S) via a GitLab account password.
    PasswordAuthenticationEnabledForWeb bool
    Enable authentication for the web interface via a GitLab account password.
    PasswordLowercaseRequired bool
    Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
    PasswordNumberRequired bool
    Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
    PasswordSymbolRequired bool
    Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
    PasswordUppercaseRequired bool
    Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
    PerformanceBarAllowedGroupPath string
    Path of the group that is allowed to toggle the performance bar.
    PersonalAccessTokenPrefix string
    Prefix for all generated personal access tokens.
    PipelineLimitPerProjectUserSha int
    Maximum number of pipeline creation requests per minute per user and commit.
    PlantumlEnabled bool
    (If enabled, requires: plantuml_url) Enable PlantUML integration.
    PlantumlUrl string
    The PlantUML instance URL for integration.
    PollingIntervalMultiplier double
    Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
    ProjectExportEnabled bool
    Enable project export.
    PrometheusMetricsEnabled bool
    Enable Prometheus metrics.
    ProtectedCiVariables bool
    CI/CD variables are protected by default.
    PushEventActivitiesLimit int
    Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
    PushEventHooksLimit int
    Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
    PypiPackageRequestsForwarding bool
    Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
    RateLimitingResponseText string
    When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
    RawBlobRequestLimit int
    Max number of requests per minute for each raw path. To disable throttling set to 0.
    RecaptchaEnabled bool
    (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
    RecaptchaPrivateKey string
    Private key for reCAPTCHA.
    RecaptchaSiteKey string
    Site key for reCAPTCHA.
    ReceiveMaxInputSize int
    Maximum push size (MB).
    RepositoryChecksEnabled bool
    GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
    RepositorySizeLimit int
    Size limit per repository (MB).
    RepositoryStorages List<string>
    (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
    RepositoryStoragesWeighted Dictionary<string, int>
    (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
    RequireAdminApprovalAfterUserSignup bool
    When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
    RequireTwoFactorAuthentication bool
    (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
    RestrictedVisibilityLevels List<string>
    Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Null means there is no restriction.
    RsaKeyRestriction int
    The minimum allowed bit length of an uploaded RSA key. 0 means no restriction. -1 disables RSA keys.
    SearchRateLimit int
    Max number of requests per minute for performing a search while authenticated. To disable throttling set to 0.
    SearchRateLimitUnauthenticated int
    Max number of requests per minute for performing a search while unauthenticated. To disable throttling set to 0.
    SendUserConfirmationEmail bool
    Send confirmation email on sign-up.
    SessionExpireDelay int
    Session duration in minutes. GitLab restart is required to apply changes.
    SharedRunnersEnabled bool
    (If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
    SharedRunnersMinutes int
    Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
    SharedRunnersText string
    Shared runners text.
    SidekiqJobLimiterCompressionThresholdBytes int
    The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis.
    SidekiqJobLimiterLimitBytes int
    The threshold in bytes at which Sidekiq jobs are rejected. 0 means do not reject any job.
    SidekiqJobLimiterMode string
    track or compress. Sets the behavior for Sidekiq job size limits.
    SignInText string
    Text on the login page.
    SignupEnabled bool
    Enable registration.
    SlackAppEnabled bool
    (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
    SlackAppId string
    The app ID of the Slack-app.
    SlackAppSecret string
    The app secret of the Slack-app.
    SlackAppSigningSecret string
    The signing secret of the Slack-app.
    SlackAppVerificationToken string
    The verification token of the Slack-app.
    SnippetSizeLimit int
    Max snippet content size in bytes.
    SnowplowAppId string
    The Snowplow site name / application ID. (for example, gitlab)
    SnowplowCollectorHostname string
    The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
    SnowplowCookieDomain string
    The Snowplow cookie domain. (for example, .gitlab.com)
    SnowplowEnabled bool
    Enable snowplow tracking.
    SourcegraphEnabled bool
    Enables Sourcegraph integration. If enabled, requires sourcegraph_url.
    SourcegraphPublicOnly bool
    Blocks Sourcegraph from being loaded on private and internal projects.
    SourcegraphUrl string
    The Sourcegraph instance URL for integration.
    SpamCheckApiKey string
    API key used by GitLab for accessing the Spam Check service endpoint.
    SpamCheckEndpointEnabled bool
    Enables spam checking using external Spam Check API endpoint.
    SpamCheckEndpointUrl string
    URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
    SuggestPipelineEnabled bool
    Enable pipeline suggestion banner.
    TerminalMaxSessionTime int
    Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
    Terms string
    (Required by: enforce_terms) Markdown content for the ToS.
    ThrottleAuthenticatedApiEnabled bool
    (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    ThrottleAuthenticatedApiPeriodInSeconds int
    Rate limit period (in seconds).
    ThrottleAuthenticatedApiRequestsPerPeriod int
    Maximum requests per period per user.
    ThrottleAuthenticatedPackagesApiEnabled bool
    (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
    ThrottleAuthenticatedPackagesApiPeriodInSeconds int
    Rate limit period (in seconds). View Package Registry rate limits for more details.
    ThrottleAuthenticatedPackagesApiRequestsPerPeriod int
    Maximum requests per period per user. View Package Registry rate limits for more details.
    ThrottleAuthenticatedWebEnabled bool
    (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    ThrottleAuthenticatedWebPeriodInSeconds int
    Rate limit period (in seconds).
    ThrottleAuthenticatedWebRequestsPerPeriod int
    Maximum requests per period per user.
    ThrottleUnauthenticatedApiEnabled bool
    (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    ThrottleUnauthenticatedApiPeriodInSeconds int
    Rate limit period in seconds.
    ThrottleUnauthenticatedApiRequestsPerPeriod int
    Max requests per period per IP.
    ThrottleUnauthenticatedPackagesApiEnabled bool
    (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
    ThrottleUnauthenticatedPackagesApiPeriodInSeconds int
    Rate limit period (in seconds). View Package Registry rate limits for more details.
    ThrottleUnauthenticatedPackagesApiRequestsPerPeriod int
    Maximum requests per period per user. View Package Registry rate limits for more details.
    ThrottleUnauthenticatedWebEnabled bool
    (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    ThrottleUnauthenticatedWebPeriodInSeconds int
    Rate limit period in seconds.
    ThrottleUnauthenticatedWebRequestsPerPeriod int
    Max requests per period per IP.
    TimeTrackingLimitToHours bool
    Limit display of time tracking units to hours.
    TwoFactorGracePeriod int
    Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
    UniqueIpsLimitEnabled bool
    (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
    UniqueIpsLimitPerUser int
    Maximum number of IPs per user.
    UniqueIpsLimitTimeWindow int
    How many seconds an IP is counted towards the limit.
    UsagePingEnabled bool
    Every week GitLab reports license usage back to GitLab, Inc.
    UserDeactivationEmailsEnabled bool
    Send an email to users upon account deactivation.
    UserDefaultExternal bool
    Newly registered users are external by default.
    UserDefaultInternalRegex string
    Specify an email address regex pattern to identify default internal users.
    UserOauthApplications bool
    Allow users to register any application to use GitLab as an OAuth provider.
    UserShowAddSshKeyMessage bool
    When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
    VersionCheckEnabled bool
    Let GitLab inform you when an update is available.
    WebIdeClientsidePreviewEnabled bool
    Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
    WhatsNewVariant string
    What’s new variant, possible values: alltiers, currenttier, and disabled.
    WikiPageMaxContentBytes int
    Maximum wiki page content size in bytes. The minimum value is 1024 bytes.
    AbuseNotificationEmail string
    If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
    AdminMode bool
    Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
    AfterSignOutPath string
    Where to redirect users after logout.
    AfterSignUpText string
    Text shown to the user after signing up.
    AkismetApiKey string
    API key for Akismet spam protection.
    AkismetEnabled bool
    (If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
    AllowGroupOwnersToManageLdap bool
    Set to true to allow group owners to manage LDAP.
    AllowLocalRequestsFromSystemHooks bool
    Allow requests to the local network from system hooks.
    AllowLocalRequestsFromWebHooksAndServices bool
    Allow requests to the local network from web hooks and services.
    ArchiveBuildsInHumanReadable string
    Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
    AssetProxyAllowlists []string
    Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
    AssetProxyEnabled bool
    (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
    AssetProxySecretKey string
    Shared secret with the asset proxy server. GitLab restart is required to apply changes.
    AssetProxyUrl string
    URL of the asset proxy server. GitLab restart is required to apply changes.
    AuthorizedKeysEnabled bool
    By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
    AutoDevopsDomain string
    Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
    AutoDevopsEnabled bool
    Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
    AutomaticPurchasedStorageAllocation bool
    Enabling this permits automatic allocation of purchased storage in a namespace.
    CanCreateGroup bool
    Indicates whether users can create top-level groups. Introduced in GitLab 15.5.
    CheckNamespacePlan bool
    Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
    CommitEmailHostname string
    Custom hostname (for private commit emails).
    ContainerExpirationPoliciesEnableHistoricEntries bool
    Enable cleanup policies for all projects.
    ContainerRegistryCleanupTagsServiceMaxListSize int
    The maximum number of tags that can be deleted in a single execution of cleanup policies.
    ContainerRegistryDeleteTagsServiceTimeout int
    The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
    ContainerRegistryExpirationPoliciesCaching bool
    Caching during the execution of cleanup policies.
    ContainerRegistryExpirationPoliciesWorkerCapacity int
    Number of workers for cleanup policies.
    ContainerRegistryTokenExpireDelay int
    Container Registry token duration in minutes.
    DeactivateDormantUsers bool
    Enable automatic deactivation of dormant users.
    DefaultArtifactsExpireIn string
    Set the default expiration time for each job’s artifacts.
    DefaultBranchName string
    Instance-level custom initial branch name (introduced in GitLab 13.2).
    DefaultBranchProtection int
    Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
    DefaultCiConfigPath string
    Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
    DefaultGroupVisibility string
    What visibility level new groups receive. Can take private, internal and public as a parameter.
    DefaultProjectCreation int
    Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
    DefaultProjectVisibility string
    What visibility level new projects receive. Can take private, internal and public as a parameter.
    DefaultProjectsLimit int
    Project limit per user.
    DefaultSnippetVisibility string
    What visibility level new snippets receive. Can take private, internal and public as a parameter.
    DeleteInactiveProjects bool
    Enable inactive project deletion feature. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion).
    DeletionAdjournedPeriod int
    The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90.
    DiffMaxFiles int
    Maximum files in a diff.
    DiffMaxLines int
    Maximum lines in a diff.
    DiffMaxPatchBytes int
    Maximum diff patch size, in bytes.
    DisableFeedToken bool
    Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
    DisabledOauthSignInSources []string
    Disabled OAuth sign-in sources.
    DnsRebindingProtectionEnabled bool
    Enforce DNS rebinding attack protection.
    DomainAllowlists []string
    Force people to use only corporate emails for sign-up. Null means there is no restriction.
    DomainDenylistEnabled bool
    (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
    DomainDenylists []string
    Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
    DsaKeyRestriction int
    The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys.
    EcdsaKeyRestriction int
    The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys.
    EcdsaSkKeyRestriction int
    The minimum allowed curve size (in bits) of an uploaded ECDSASK key. 0 means no restriction. -1 disables ECDSASK keys.
    Ed25519KeyRestriction int
    The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys.
    Ed25519SkKeyRestriction int
    The minimum allowed curve size (in bits) of an uploaded ED25519SK key. 0 means no restriction. -1 disables ED25519SK keys.
    EksAccessKeyId string
    AWS IAM access key ID.
    EksAccountId string
    Amazon account ID.
    EksIntegrationEnabled bool
    Enable integration with Amazon EKS.
    EksSecretAccessKey string
    AWS IAM secret access key.
    ElasticsearchAws bool
    Enable the use of AWS hosted Elasticsearch.
    ElasticsearchAwsAccessKey string
    AWS IAM access key.
    ElasticsearchAwsRegion string
    The AWS region the Elasticsearch domain is configured.
    ElasticsearchAwsSecretAccessKey string
    AWS IAM secret access key.
    ElasticsearchIndexedFieldLengthLimit int
    Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
    ElasticsearchIndexedFileSizeLimitKb int
    Maximum size of repository and wiki files that are indexed by Elasticsearch.
    ElasticsearchIndexing bool
    Enable Elasticsearch indexing.
    ElasticsearchLimitIndexing bool
    Limit Elasticsearch to index certain namespaces and projects.
    ElasticsearchMaxBulkConcurrency int
    Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
    ElasticsearchMaxBulkSizeMb int
    Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
    ElasticsearchNamespaceIds []int
    The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
    ElasticsearchPassword string
    The password of your Elasticsearch instance.
    ElasticsearchProjectIds []int
    The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
    ElasticsearchSearch bool
    Enable Elasticsearch search.
    ElasticsearchUrls []string
    The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
    ElasticsearchUsername string
    The username of your Elasticsearch instance.
    EmailAdditionalText string
    Additional text added to the bottom of every email for legal/auditing/compliance reasons.
    EmailAuthorInBody bool
    Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
    EnabledGitAccessProtocol string
    Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
    EnforceNamespaceStorageLimit bool
    Enabling this permits enforcement of namespace storage limits.
    EnforceTerms bool
    (If enabled, requires: terms) Enforce application ToS to all users.
    ExternalAuthClientCert string
    (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
    ExternalAuthClientKey string
    Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
    ExternalAuthClientKeyPass string
    Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
    ExternalAuthorizationServiceDefaultLabel string
    The default classification label to use when requesting authorization and no classification label has been specified on the project.
    ExternalAuthorizationServiceEnabled bool
    (If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
    ExternalAuthorizationServiceTimeout float64
    The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
    ExternalAuthorizationServiceUrl string
    URL to which authorization requests are directed.
    ExternalPipelineValidationServiceTimeout int
    How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
    ExternalPipelineValidationServiceToken string
    Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
    ExternalPipelineValidationServiceUrl string
    URL to use for pipeline validation requests.
    FileTemplateProjectId int
    The ID of a project to load custom file templates from.
    FirstDayOfWeek int
    Start day of the week for calendar views and date pickers. Valid values are 0 for Sunday, 1 for Monday, and 6 for Saturday.
    GeoNodeAllowedIps string
    Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
    GeoStatusTimeout int
    The amount of seconds after which a request to get a secondary node status times out.
    GitRateLimitUsersAllowlists []string
    List of usernames excluded from Git anti-abuse rate limits. Maximum: 100 usernames. Introduced in GitLab 15.2.
    GitTwoFactorSessionExpiry int
    Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
    GitalyTimeoutDefault int
    Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
    GitalyTimeoutFast int
    Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
    GitalyTimeoutMedium int
    Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
    GrafanaEnabled bool
    Enable Grafana.
    GrafanaUrl string
    Grafana URL.
    GravatarEnabled bool
    Enable Gravatar.
    GroupOwnersCanManageDefaultBranchProtection bool
    Prevent overrides of default branch protection.
    HashedStorageEnabled bool
    Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
    HelpPageHideCommercialContent bool
    Hide marketing-related entries from help.
    HelpPageSupportUrl string
    Alternate support URL for help page and help dropdown.
    HelpPageText string
    Custom text displayed on the help page.
    HelpText string
    GitLab server administrator information.
    HideThirdPartyOffers bool
    Do not display offers from third parties in GitLab.
    HomePageUrl string
    Redirect to this URL when not logged in.
    HousekeepingEnabled bool
    Enable or disable Git housekeeping. If enabled, requires either housekeepingoptimizerepositoryperiod OR housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod. Options housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod are deprecated. Use housekeepingoptimizerepositoryperiod instead.
    HousekeepingFullRepackPeriod int
    Number of Git pushes after which an incremental git repack is run.

    Deprecated:housekeeping_full_repack_period is deprecated. Use housekeeping_optimize_repository_period instead.

    HousekeepingGcPeriod int
    Number of Git pushes after which git gc is run.

    Deprecated:housekeeping_gc_period is deprecated. Use housekeeping_optimize_repository_period instead.

    HousekeepingIncrementalRepackPeriod int
    Number of Git pushes after which an incremental git repack is run.

    Deprecated:housekeeping_incremental_repack_period is deprecated. Use housekeeping_optimize_repository_period instead.

    HousekeepingOptimizeRepositoryPeriod int
    Number of Git pushes after which an incremental git repack is run.
    HtmlEmailsEnabled bool
    Enable HTML emails.
    ImportSources []string
    Sources to allow project import from. Valid values are: github, bitbucket, bitbucket_server, fogbugz, git, gitlab.Project, gitea, manifest
    InProductMarketingEmailsEnabled bool
    Enable in-product marketing emails.
    InactiveProjectsDeleteAfterMonths int
    If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    InactiveProjectsMinSizeMb int
    If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    InactiveProjectsSendWarningEmailAfterMonths int
    If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    InvisibleCaptchaEnabled bool
    Enable Invisible CAPTCHA spam detection during sign-up.
    IssuesCreateLimit int
    Max number of issue creation requests per minute per user.
    KeepLatestArtifact bool
    Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
    LocalMarkdownVersion int
    Increase this value when any cached Markdown should be invalidated.
    MailgunEventsEnabled bool
    Enable Mailgun event receiver.
    MailgunSigningKey string
    The Mailgun HTTP webhook signing key for receiving events from webhook.
    MaintenanceMode bool
    When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
    MaintenanceModeMessage string
    Message displayed when instance is in maintenance mode.
    MaxArtifactsSize int
    Maximum artifacts size in MB.
    MaxAttachmentSize int
    Limit attachment size in MB.
    MaxExportSize int
    Maximum export size in MB. 0 for unlimited.
    MaxImportSize int
    Maximum import size in MB. 0 for unlimited.
    MaxNumberOfRepositoryDownloads int
    Maximum number of unique repositories a user can download in the specified time period before they are banned. Maximum: 10,000 repositories. Introduced in GitLab 15.1.
    MaxNumberOfRepositoryDownloadsWithinTimePeriod int
    Reporting time period (in seconds). Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
    MaxPagesSize int
    Maximum size of pages repositories in MB.
    MaxPersonalAccessTokenLifetime int
    Maximum allowable lifetime for access tokens in days.
    MaxSshKeyLifetime int
    Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
    MetricsMethodCallThreshold int
    A method call is only tracked when it takes longer than the given amount of milliseconds.
    MirrorAvailable bool
    Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
    MirrorCapacityThreshold int
    Minimum capacity to be available before scheduling more mirrors preemptively.
    MirrorMaxCapacity int
    Maximum number of mirrors that can be synchronizing at the same time.
    MirrorMaxDelay int
    Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
    NpmPackageRequestsForwarding bool
    Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
    OutboundLocalRequestsWhitelists []string
    Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
    PackageRegistryCleanupPoliciesWorkerCapacity int
    Number of workers assigned to the packages cleanup policies.
    PagesDomainVerificationEnabled bool
    Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
    PasswordAuthenticationEnabledForGit bool
    Enable authentication for Git over HTTP(S) via a GitLab account password.
    PasswordAuthenticationEnabledForWeb bool
    Enable authentication for the web interface via a GitLab account password.
    PasswordLowercaseRequired bool
    Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
    PasswordNumberRequired bool
    Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
    PasswordSymbolRequired bool
    Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
    PasswordUppercaseRequired bool
    Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
    PerformanceBarAllowedGroupPath string
    Path of the group that is allowed to toggle the performance bar.
    PersonalAccessTokenPrefix string
    Prefix for all generated personal access tokens.
    PipelineLimitPerProjectUserSha int
    Maximum number of pipeline creation requests per minute per user and commit.
    PlantumlEnabled bool
    (If enabled, requires: plantuml_url) Enable PlantUML integration.
    PlantumlUrl string
    The PlantUML instance URL for integration.
    PollingIntervalMultiplier float64
    Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
    ProjectExportEnabled bool
    Enable project export.
    PrometheusMetricsEnabled bool
    Enable Prometheus metrics.
    ProtectedCiVariables bool
    CI/CD variables are protected by default.
    PushEventActivitiesLimit int
    Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
    PushEventHooksLimit int
    Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
    PypiPackageRequestsForwarding bool
    Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
    RateLimitingResponseText string
    When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
    RawBlobRequestLimit int
    Max number of requests per minute for each raw path. To disable throttling set to 0.
    RecaptchaEnabled bool
    (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
    RecaptchaPrivateKey string
    Private key for reCAPTCHA.
    RecaptchaSiteKey string
    Site key for reCAPTCHA.
    ReceiveMaxInputSize int
    Maximum push size (MB).
    RepositoryChecksEnabled bool
    GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
    RepositorySizeLimit int
    Size limit per repository (MB).
    RepositoryStorages []string
    (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
    RepositoryStoragesWeighted map[string]int
    (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
    RequireAdminApprovalAfterUserSignup bool
    When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
    RequireTwoFactorAuthentication bool
    (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
    RestrictedVisibilityLevels []string
    Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Null means there is no restriction.
    RsaKeyRestriction int
    The minimum allowed bit length of an uploaded RSA key. 0 means no restriction. -1 disables RSA keys.
    SearchRateLimit int
    Max number of requests per minute for performing a search while authenticated. To disable throttling set to 0.
    SearchRateLimitUnauthenticated int
    Max number of requests per minute for performing a search while unauthenticated. To disable throttling set to 0.
    SendUserConfirmationEmail bool
    Send confirmation email on sign-up.
    SessionExpireDelay int
    Session duration in minutes. GitLab restart is required to apply changes.
    SharedRunnersEnabled bool
    (If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
    SharedRunnersMinutes int
    Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
    SharedRunnersText string
    Shared runners text.
    SidekiqJobLimiterCompressionThresholdBytes int
    The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis.
    SidekiqJobLimiterLimitBytes int
    The threshold in bytes at which Sidekiq jobs are rejected. 0 means do not reject any job.
    SidekiqJobLimiterMode string
    track or compress. Sets the behavior for Sidekiq job size limits.
    SignInText string
    Text on the login page.
    SignupEnabled bool
    Enable registration.
    SlackAppEnabled bool
    (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
    SlackAppId string
    The app ID of the Slack-app.
    SlackAppSecret string
    The app secret of the Slack-app.
    SlackAppSigningSecret string
    The signing secret of the Slack-app.
    SlackAppVerificationToken string
    The verification token of the Slack-app.
    SnippetSizeLimit int
    Max snippet content size in bytes.
    SnowplowAppId string
    The Snowplow site name / application ID. (for example, gitlab)
    SnowplowCollectorHostname string
    The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
    SnowplowCookieDomain string
    The Snowplow cookie domain. (for example, .gitlab.com)
    SnowplowEnabled bool
    Enable snowplow tracking.
    SourcegraphEnabled bool
    Enables Sourcegraph integration. If enabled, requires sourcegraph_url.
    SourcegraphPublicOnly bool
    Blocks Sourcegraph from being loaded on private and internal projects.
    SourcegraphUrl string
    The Sourcegraph instance URL for integration.
    SpamCheckApiKey string
    API key used by GitLab for accessing the Spam Check service endpoint.
    SpamCheckEndpointEnabled bool
    Enables spam checking using external Spam Check API endpoint.
    SpamCheckEndpointUrl string
    URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
    SuggestPipelineEnabled bool
    Enable pipeline suggestion banner.
    TerminalMaxSessionTime int
    Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
    Terms string
    (Required by: enforce_terms) Markdown content for the ToS.
    ThrottleAuthenticatedApiEnabled bool
    (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    ThrottleAuthenticatedApiPeriodInSeconds int
    Rate limit period (in seconds).
    ThrottleAuthenticatedApiRequestsPerPeriod int
    Maximum requests per period per user.
    ThrottleAuthenticatedPackagesApiEnabled bool
    (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
    ThrottleAuthenticatedPackagesApiPeriodInSeconds int
    Rate limit period (in seconds). View Package Registry rate limits for more details.
    ThrottleAuthenticatedPackagesApiRequestsPerPeriod int
    Maximum requests per period per user. View Package Registry rate limits for more details.
    ThrottleAuthenticatedWebEnabled bool
    (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    ThrottleAuthenticatedWebPeriodInSeconds int
    Rate limit period (in seconds).
    ThrottleAuthenticatedWebRequestsPerPeriod int
    Maximum requests per period per user.
    ThrottleUnauthenticatedApiEnabled bool
    (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    ThrottleUnauthenticatedApiPeriodInSeconds int
    Rate limit period in seconds.
    ThrottleUnauthenticatedApiRequestsPerPeriod int
    Max requests per period per IP.
    ThrottleUnauthenticatedPackagesApiEnabled bool
    (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
    ThrottleUnauthenticatedPackagesApiPeriodInSeconds int
    Rate limit period (in seconds). View Package Registry rate limits for more details.
    ThrottleUnauthenticatedPackagesApiRequestsPerPeriod int
    Maximum requests per period per user. View Package Registry rate limits for more details.
    ThrottleUnauthenticatedWebEnabled bool
    (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    ThrottleUnauthenticatedWebPeriodInSeconds int
    Rate limit period in seconds.
    ThrottleUnauthenticatedWebRequestsPerPeriod int
    Max requests per period per IP.
    TimeTrackingLimitToHours bool
    Limit display of time tracking units to hours.
    TwoFactorGracePeriod int
    Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
    UniqueIpsLimitEnabled bool
    (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
    UniqueIpsLimitPerUser int
    Maximum number of IPs per user.
    UniqueIpsLimitTimeWindow int
    How many seconds an IP is counted towards the limit.
    UsagePingEnabled bool
    Every week GitLab reports license usage back to GitLab, Inc.
    UserDeactivationEmailsEnabled bool
    Send an email to users upon account deactivation.
    UserDefaultExternal bool
    Newly registered users are external by default.
    UserDefaultInternalRegex string
    Specify an email address regex pattern to identify default internal users.
    UserOauthApplications bool
    Allow users to register any application to use GitLab as an OAuth provider.
    UserShowAddSshKeyMessage bool
    When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
    VersionCheckEnabled bool
    Let GitLab inform you when an update is available.
    WebIdeClientsidePreviewEnabled bool
    Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
    WhatsNewVariant string
    What’s new variant, possible values: alltiers, currenttier, and disabled.
    WikiPageMaxContentBytes int
    Maximum wiki page content size in bytes. The minimum value is 1024 bytes.
    abuseNotificationEmail String
    If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
    adminMode Boolean
    Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
    afterSignOutPath String
    Where to redirect users after logout.
    afterSignUpText String
    Text shown to the user after signing up.
    akismetApiKey String
    API key for Akismet spam protection.
    akismetEnabled Boolean
    (If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
    allowGroupOwnersToManageLdap Boolean
    Set to true to allow group owners to manage LDAP.
    allowLocalRequestsFromSystemHooks Boolean
    Allow requests to the local network from system hooks.
    allowLocalRequestsFromWebHooksAndServices Boolean
    Allow requests to the local network from web hooks and services.
    archiveBuildsInHumanReadable String
    Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
    assetProxyAllowlists List<String>
    Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
    assetProxyEnabled Boolean
    (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
    assetProxySecretKey String
    Shared secret with the asset proxy server. GitLab restart is required to apply changes.
    assetProxyUrl String
    URL of the asset proxy server. GitLab restart is required to apply changes.
    authorizedKeysEnabled Boolean
    By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
    autoDevopsDomain String
    Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
    autoDevopsEnabled Boolean
    Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
    automaticPurchasedStorageAllocation Boolean
    Enabling this permits automatic allocation of purchased storage in a namespace.
    canCreateGroup Boolean
    Indicates whether users can create top-level groups. Introduced in GitLab 15.5.
    checkNamespacePlan Boolean
    Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
    commitEmailHostname String
    Custom hostname (for private commit emails).
    containerExpirationPoliciesEnableHistoricEntries Boolean
    Enable cleanup policies for all projects.
    containerRegistryCleanupTagsServiceMaxListSize Integer
    The maximum number of tags that can be deleted in a single execution of cleanup policies.
    containerRegistryDeleteTagsServiceTimeout Integer
    The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
    containerRegistryExpirationPoliciesCaching Boolean
    Caching during the execution of cleanup policies.
    containerRegistryExpirationPoliciesWorkerCapacity Integer
    Number of workers for cleanup policies.
    containerRegistryTokenExpireDelay Integer
    Container Registry token duration in minutes.
    deactivateDormantUsers Boolean
    Enable automatic deactivation of dormant users.
    defaultArtifactsExpireIn String
    Set the default expiration time for each job’s artifacts.
    defaultBranchName String
    Instance-level custom initial branch name (introduced in GitLab 13.2).
    defaultBranchProtection Integer
    Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
    defaultCiConfigPath String
    Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
    defaultGroupVisibility String
    What visibility level new groups receive. Can take private, internal and public as a parameter.
    defaultProjectCreation Integer
    Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
    defaultProjectVisibility String
    What visibility level new projects receive. Can take private, internal and public as a parameter.
    defaultProjectsLimit Integer
    Project limit per user.
    defaultSnippetVisibility String
    What visibility level new snippets receive. Can take private, internal and public as a parameter.
    deleteInactiveProjects Boolean
    Enable inactive project deletion feature. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion).
    deletionAdjournedPeriod Integer
    The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90.
    diffMaxFiles Integer
    Maximum files in a diff.
    diffMaxLines Integer
    Maximum lines in a diff.
    diffMaxPatchBytes Integer
    Maximum diff patch size, in bytes.
    disableFeedToken Boolean
    Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
    disabledOauthSignInSources List<String>
    Disabled OAuth sign-in sources.
    dnsRebindingProtectionEnabled Boolean
    Enforce DNS rebinding attack protection.
    domainAllowlists List<String>
    Force people to use only corporate emails for sign-up. Null means there is no restriction.
    domainDenylistEnabled Boolean
    (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
    domainDenylists List<String>
    Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
    dsaKeyRestriction Integer
    The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys.
    ecdsaKeyRestriction Integer
    The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys.
    ecdsaSkKeyRestriction Integer
    The minimum allowed curve size (in bits) of an uploaded ECDSASK key. 0 means no restriction. -1 disables ECDSASK keys.
    ed25519KeyRestriction Integer
    The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys.
    ed25519SkKeyRestriction Integer
    The minimum allowed curve size (in bits) of an uploaded ED25519SK key. 0 means no restriction. -1 disables ED25519SK keys.
    eksAccessKeyId String
    AWS IAM access key ID.
    eksAccountId String
    Amazon account ID.
    eksIntegrationEnabled Boolean
    Enable integration with Amazon EKS.
    eksSecretAccessKey String
    AWS IAM secret access key.
    elasticsearchAws Boolean
    Enable the use of AWS hosted Elasticsearch.
    elasticsearchAwsAccessKey String
    AWS IAM access key.
    elasticsearchAwsRegion String
    The AWS region the Elasticsearch domain is configured.
    elasticsearchAwsSecretAccessKey String
    AWS IAM secret access key.
    elasticsearchIndexedFieldLengthLimit Integer
    Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
    elasticsearchIndexedFileSizeLimitKb Integer
    Maximum size of repository and wiki files that are indexed by Elasticsearch.
    elasticsearchIndexing Boolean
    Enable Elasticsearch indexing.
    elasticsearchLimitIndexing Boolean
    Limit Elasticsearch to index certain namespaces and projects.
    elasticsearchMaxBulkConcurrency Integer
    Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
    elasticsearchMaxBulkSizeMb Integer
    Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
    elasticsearchNamespaceIds List<Integer>
    The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
    elasticsearchPassword String
    The password of your Elasticsearch instance.
    elasticsearchProjectIds List<Integer>
    The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
    elasticsearchSearch Boolean
    Enable Elasticsearch search.
    elasticsearchUrls List<String>
    The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
    elasticsearchUsername String
    The username of your Elasticsearch instance.
    emailAdditionalText String
    Additional text added to the bottom of every email for legal/auditing/compliance reasons.
    emailAuthorInBody Boolean
    Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
    enabledGitAccessProtocol String
    Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
    enforceNamespaceStorageLimit Boolean
    Enabling this permits enforcement of namespace storage limits.
    enforceTerms Boolean
    (If enabled, requires: terms) Enforce application ToS to all users.
    externalAuthClientCert String
    (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
    externalAuthClientKey String
    Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
    externalAuthClientKeyPass String
    Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
    externalAuthorizationServiceDefaultLabel String
    The default classification label to use when requesting authorization and no classification label has been specified on the project.
    externalAuthorizationServiceEnabled Boolean
    (If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
    externalAuthorizationServiceTimeout Double
    The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
    externalAuthorizationServiceUrl String
    URL to which authorization requests are directed.
    externalPipelineValidationServiceTimeout Integer
    How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
    externalPipelineValidationServiceToken String
    Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
    externalPipelineValidationServiceUrl String
    URL to use for pipeline validation requests.
    fileTemplateProjectId Integer
    The ID of a project to load custom file templates from.
    firstDayOfWeek Integer
    Start day of the week for calendar views and date pickers. Valid values are 0 for Sunday, 1 for Monday, and 6 for Saturday.
    geoNodeAllowedIps String
    Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
    geoStatusTimeout Integer
    The amount of seconds after which a request to get a secondary node status times out.
    gitRateLimitUsersAllowlists List<String>
    List of usernames excluded from Git anti-abuse rate limits. Maximum: 100 usernames. Introduced in GitLab 15.2.
    gitTwoFactorSessionExpiry Integer
    Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
    gitalyTimeoutDefault Integer
    Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
    gitalyTimeoutFast Integer
    Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
    gitalyTimeoutMedium Integer
    Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
    grafanaEnabled Boolean
    Enable Grafana.
    grafanaUrl String
    Grafana URL.
    gravatarEnabled Boolean
    Enable Gravatar.
    groupOwnersCanManageDefaultBranchProtection Boolean
    Prevent overrides of default branch protection.
    hashedStorageEnabled Boolean
    Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
    helpPageHideCommercialContent Boolean
    Hide marketing-related entries from help.
    helpPageSupportUrl String
    Alternate support URL for help page and help dropdown.
    helpPageText String
    Custom text displayed on the help page.
    helpText String
    GitLab server administrator information.
    hideThirdPartyOffers Boolean
    Do not display offers from third parties in GitLab.
    homePageUrl String
    Redirect to this URL when not logged in.
    housekeepingEnabled Boolean
    Enable or disable Git housekeeping. If enabled, requires either housekeepingoptimizerepositoryperiod OR housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod. Options housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod are deprecated. Use housekeepingoptimizerepositoryperiod instead.
    housekeepingFullRepackPeriod Integer
    Number of Git pushes after which an incremental git repack is run.

    Deprecated:housekeeping_full_repack_period is deprecated. Use housekeeping_optimize_repository_period instead.

    housekeepingGcPeriod Integer
    Number of Git pushes after which git gc is run.

    Deprecated:housekeeping_gc_period is deprecated. Use housekeeping_optimize_repository_period instead.

    housekeepingIncrementalRepackPeriod Integer
    Number of Git pushes after which an incremental git repack is run.

    Deprecated:housekeeping_incremental_repack_period is deprecated. Use housekeeping_optimize_repository_period instead.

    housekeepingOptimizeRepositoryPeriod Integer
    Number of Git pushes after which an incremental git repack is run.
    htmlEmailsEnabled Boolean
    Enable HTML emails.
    importSources List<String>
    Sources to allow project import from. Valid values are: github, bitbucket, bitbucket_server, fogbugz, git, gitlab.Project, gitea, manifest
    inProductMarketingEmailsEnabled Boolean
    Enable in-product marketing emails.
    inactiveProjectsDeleteAfterMonths Integer
    If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    inactiveProjectsMinSizeMb Integer
    If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    inactiveProjectsSendWarningEmailAfterMonths Integer
    If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    invisibleCaptchaEnabled Boolean
    Enable Invisible CAPTCHA spam detection during sign-up.
    issuesCreateLimit Integer
    Max number of issue creation requests per minute per user.
    keepLatestArtifact Boolean
    Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
    localMarkdownVersion Integer
    Increase this value when any cached Markdown should be invalidated.
    mailgunEventsEnabled Boolean
    Enable Mailgun event receiver.
    mailgunSigningKey String
    The Mailgun HTTP webhook signing key for receiving events from webhook.
    maintenanceMode Boolean
    When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
    maintenanceModeMessage String
    Message displayed when instance is in maintenance mode.
    maxArtifactsSize Integer
    Maximum artifacts size in MB.
    maxAttachmentSize Integer
    Limit attachment size in MB.
    maxExportSize Integer
    Maximum export size in MB. 0 for unlimited.
    maxImportSize Integer
    Maximum import size in MB. 0 for unlimited.
    maxNumberOfRepositoryDownloads Integer
    Maximum number of unique repositories a user can download in the specified time period before they are banned. Maximum: 10,000 repositories. Introduced in GitLab 15.1.
    maxNumberOfRepositoryDownloadsWithinTimePeriod Integer
    Reporting time period (in seconds). Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
    maxPagesSize Integer
    Maximum size of pages repositories in MB.
    maxPersonalAccessTokenLifetime Integer
    Maximum allowable lifetime for access tokens in days.
    maxSshKeyLifetime Integer
    Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
    metricsMethodCallThreshold Integer
    A method call is only tracked when it takes longer than the given amount of milliseconds.
    mirrorAvailable Boolean
    Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
    mirrorCapacityThreshold Integer
    Minimum capacity to be available before scheduling more mirrors preemptively.
    mirrorMaxCapacity Integer
    Maximum number of mirrors that can be synchronizing at the same time.
    mirrorMaxDelay Integer
    Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
    npmPackageRequestsForwarding Boolean
    Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
    outboundLocalRequestsWhitelists List<String>
    Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
    packageRegistryCleanupPoliciesWorkerCapacity Integer
    Number of workers assigned to the packages cleanup policies.
    pagesDomainVerificationEnabled Boolean
    Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
    passwordAuthenticationEnabledForGit Boolean
    Enable authentication for Git over HTTP(S) via a GitLab account password.
    passwordAuthenticationEnabledForWeb Boolean
    Enable authentication for the web interface via a GitLab account password.
    passwordLowercaseRequired Boolean
    Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
    passwordNumberRequired Boolean
    Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
    passwordSymbolRequired Boolean
    Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
    passwordUppercaseRequired Boolean
    Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
    performanceBarAllowedGroupPath String
    Path of the group that is allowed to toggle the performance bar.
    personalAccessTokenPrefix String
    Prefix for all generated personal access tokens.
    pipelineLimitPerProjectUserSha Integer
    Maximum number of pipeline creation requests per minute per user and commit.
    plantumlEnabled Boolean
    (If enabled, requires: plantuml_url) Enable PlantUML integration.
    plantumlUrl String
    The PlantUML instance URL for integration.
    pollingIntervalMultiplier Double
    Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
    projectExportEnabled Boolean
    Enable project export.
    prometheusMetricsEnabled Boolean
    Enable Prometheus metrics.
    protectedCiVariables Boolean
    CI/CD variables are protected by default.
    pushEventActivitiesLimit Integer
    Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
    pushEventHooksLimit Integer
    Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
    pypiPackageRequestsForwarding Boolean
    Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
    rateLimitingResponseText String
    When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
    rawBlobRequestLimit Integer
    Max number of requests per minute for each raw path. To disable throttling set to 0.
    recaptchaEnabled Boolean
    (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
    recaptchaPrivateKey String
    Private key for reCAPTCHA.
    recaptchaSiteKey String
    Site key for reCAPTCHA.
    receiveMaxInputSize Integer
    Maximum push size (MB).
    repositoryChecksEnabled Boolean
    GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
    repositorySizeLimit Integer
    Size limit per repository (MB).
    repositoryStorages List<String>
    (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
    repositoryStoragesWeighted Map<String,Integer>
    (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
    requireAdminApprovalAfterUserSignup Boolean
    When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
    requireTwoFactorAuthentication Boolean
    (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
    restrictedVisibilityLevels List<String>
    Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Null means there is no restriction.
    rsaKeyRestriction Integer
    The minimum allowed bit length of an uploaded RSA key. 0 means no restriction. -1 disables RSA keys.
    searchRateLimit Integer
    Max number of requests per minute for performing a search while authenticated. To disable throttling set to 0.
    searchRateLimitUnauthenticated Integer
    Max number of requests per minute for performing a search while unauthenticated. To disable throttling set to 0.
    sendUserConfirmationEmail Boolean
    Send confirmation email on sign-up.
    sessionExpireDelay Integer
    Session duration in minutes. GitLab restart is required to apply changes.
    sharedRunnersEnabled Boolean
    (If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
    sharedRunnersMinutes Integer
    Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
    sharedRunnersText String
    Shared runners text.
    sidekiqJobLimiterCompressionThresholdBytes Integer
    The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis.
    sidekiqJobLimiterLimitBytes Integer
    The threshold in bytes at which Sidekiq jobs are rejected. 0 means do not reject any job.
    sidekiqJobLimiterMode String
    track or compress. Sets the behavior for Sidekiq job size limits.
    signInText String
    Text on the login page.
    signupEnabled Boolean
    Enable registration.
    slackAppEnabled Boolean
    (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
    slackAppId String
    The app ID of the Slack-app.
    slackAppSecret String
    The app secret of the Slack-app.
    slackAppSigningSecret String
    The signing secret of the Slack-app.
    slackAppVerificationToken String
    The verification token of the Slack-app.
    snippetSizeLimit Integer
    Max snippet content size in bytes.
    snowplowAppId String
    The Snowplow site name / application ID. (for example, gitlab)
    snowplowCollectorHostname String
    The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
    snowplowCookieDomain String
    The Snowplow cookie domain. (for example, .gitlab.com)
    snowplowEnabled Boolean
    Enable snowplow tracking.
    sourcegraphEnabled Boolean
    Enables Sourcegraph integration. If enabled, requires sourcegraph_url.
    sourcegraphPublicOnly Boolean
    Blocks Sourcegraph from being loaded on private and internal projects.
    sourcegraphUrl String
    The Sourcegraph instance URL for integration.
    spamCheckApiKey String
    API key used by GitLab for accessing the Spam Check service endpoint.
    spamCheckEndpointEnabled Boolean
    Enables spam checking using external Spam Check API endpoint.
    spamCheckEndpointUrl String
    URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
    suggestPipelineEnabled Boolean
    Enable pipeline suggestion banner.
    terminalMaxSessionTime Integer
    Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
    terms String
    (Required by: enforce_terms) Markdown content for the ToS.
    throttleAuthenticatedApiEnabled Boolean
    (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttleAuthenticatedApiPeriodInSeconds Integer
    Rate limit period (in seconds).
    throttleAuthenticatedApiRequestsPerPeriod Integer
    Maximum requests per period per user.
    throttleAuthenticatedPackagesApiEnabled Boolean
    (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
    throttleAuthenticatedPackagesApiPeriodInSeconds Integer
    Rate limit period (in seconds). View Package Registry rate limits for more details.
    throttleAuthenticatedPackagesApiRequestsPerPeriod Integer
    Maximum requests per period per user. View Package Registry rate limits for more details.
    throttleAuthenticatedWebEnabled Boolean
    (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttleAuthenticatedWebPeriodInSeconds Integer
    Rate limit period (in seconds).
    throttleAuthenticatedWebRequestsPerPeriod Integer
    Maximum requests per period per user.
    throttleUnauthenticatedApiEnabled Boolean
    (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttleUnauthenticatedApiPeriodInSeconds Integer
    Rate limit period in seconds.
    throttleUnauthenticatedApiRequestsPerPeriod Integer
    Max requests per period per IP.
    throttleUnauthenticatedPackagesApiEnabled Boolean
    (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
    throttleUnauthenticatedPackagesApiPeriodInSeconds Integer
    Rate limit period (in seconds). View Package Registry rate limits for more details.
    throttleUnauthenticatedPackagesApiRequestsPerPeriod Integer
    Maximum requests per period per user. View Package Registry rate limits for more details.
    throttleUnauthenticatedWebEnabled Boolean
    (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttleUnauthenticatedWebPeriodInSeconds Integer
    Rate limit period in seconds.
    throttleUnauthenticatedWebRequestsPerPeriod Integer
    Max requests per period per IP.
    timeTrackingLimitToHours Boolean
    Limit display of time tracking units to hours.
    twoFactorGracePeriod Integer
    Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
    uniqueIpsLimitEnabled Boolean
    (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
    uniqueIpsLimitPerUser Integer
    Maximum number of IPs per user.
    uniqueIpsLimitTimeWindow Integer
    How many seconds an IP is counted towards the limit.
    usagePingEnabled Boolean
    Every week GitLab reports license usage back to GitLab, Inc.
    userDeactivationEmailsEnabled Boolean
    Send an email to users upon account deactivation.
    userDefaultExternal Boolean
    Newly registered users are external by default.
    userDefaultInternalRegex String
    Specify an email address regex pattern to identify default internal users.
    userOauthApplications Boolean
    Allow users to register any application to use GitLab as an OAuth provider.
    userShowAddSshKeyMessage Boolean
    When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
    versionCheckEnabled Boolean
    Let GitLab inform you when an update is available.
    webIdeClientsidePreviewEnabled Boolean
    Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
    whatsNewVariant String
    What’s new variant, possible values: alltiers, currenttier, and disabled.
    wikiPageMaxContentBytes Integer
    Maximum wiki page content size in bytes. The minimum value is 1024 bytes.
    abuseNotificationEmail string
    If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
    adminMode boolean
    Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
    afterSignOutPath string
    Where to redirect users after logout.
    afterSignUpText string
    Text shown to the user after signing up.
    akismetApiKey string
    API key for Akismet spam protection.
    akismetEnabled boolean
    (If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
    allowGroupOwnersToManageLdap boolean
    Set to true to allow group owners to manage LDAP.
    allowLocalRequestsFromSystemHooks boolean
    Allow requests to the local network from system hooks.
    allowLocalRequestsFromWebHooksAndServices boolean
    Allow requests to the local network from web hooks and services.
    archiveBuildsInHumanReadable string
    Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
    assetProxyAllowlists string[]
    Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
    assetProxyEnabled boolean
    (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
    assetProxySecretKey string
    Shared secret with the asset proxy server. GitLab restart is required to apply changes.
    assetProxyUrl string
    URL of the asset proxy server. GitLab restart is required to apply changes.
    authorizedKeysEnabled boolean
    By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
    autoDevopsDomain string
    Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
    autoDevopsEnabled boolean
    Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
    automaticPurchasedStorageAllocation boolean
    Enabling this permits automatic allocation of purchased storage in a namespace.
    canCreateGroup boolean
    Indicates whether users can create top-level groups. Introduced in GitLab 15.5.
    checkNamespacePlan boolean
    Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
    commitEmailHostname string
    Custom hostname (for private commit emails).
    containerExpirationPoliciesEnableHistoricEntries boolean
    Enable cleanup policies for all projects.
    containerRegistryCleanupTagsServiceMaxListSize number
    The maximum number of tags that can be deleted in a single execution of cleanup policies.
    containerRegistryDeleteTagsServiceTimeout number
    The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
    containerRegistryExpirationPoliciesCaching boolean
    Caching during the execution of cleanup policies.
    containerRegistryExpirationPoliciesWorkerCapacity number
    Number of workers for cleanup policies.
    containerRegistryTokenExpireDelay number
    Container Registry token duration in minutes.
    deactivateDormantUsers boolean
    Enable automatic deactivation of dormant users.
    defaultArtifactsExpireIn string
    Set the default expiration time for each job’s artifacts.
    defaultBranchName string
    Instance-level custom initial branch name (introduced in GitLab 13.2).
    defaultBranchProtection number
    Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
    defaultCiConfigPath string
    Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
    defaultGroupVisibility string
    What visibility level new groups receive. Can take private, internal and public as a parameter.
    defaultProjectCreation number
    Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
    defaultProjectVisibility string
    What visibility level new projects receive. Can take private, internal and public as a parameter.
    defaultProjectsLimit number
    Project limit per user.
    defaultSnippetVisibility string
    What visibility level new snippets receive. Can take private, internal and public as a parameter.
    deleteInactiveProjects boolean
    Enable inactive project deletion feature. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion).
    deletionAdjournedPeriod number
    The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90.
    diffMaxFiles number
    Maximum files in a diff.
    diffMaxLines number
    Maximum lines in a diff.
    diffMaxPatchBytes number
    Maximum diff patch size, in bytes.
    disableFeedToken boolean
    Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
    disabledOauthSignInSources string[]
    Disabled OAuth sign-in sources.
    dnsRebindingProtectionEnabled boolean
    Enforce DNS rebinding attack protection.
    domainAllowlists string[]
    Force people to use only corporate emails for sign-up. Null means there is no restriction.
    domainDenylistEnabled boolean
    (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
    domainDenylists string[]
    Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
    dsaKeyRestriction number
    The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys.
    ecdsaKeyRestriction number
    The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys.
    ecdsaSkKeyRestriction number
    The minimum allowed curve size (in bits) of an uploaded ECDSASK key. 0 means no restriction. -1 disables ECDSASK keys.
    ed25519KeyRestriction number
    The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys.
    ed25519SkKeyRestriction number
    The minimum allowed curve size (in bits) of an uploaded ED25519SK key. 0 means no restriction. -1 disables ED25519SK keys.
    eksAccessKeyId string
    AWS IAM access key ID.
    eksAccountId string
    Amazon account ID.
    eksIntegrationEnabled boolean
    Enable integration with Amazon EKS.
    eksSecretAccessKey string
    AWS IAM secret access key.
    elasticsearchAws boolean
    Enable the use of AWS hosted Elasticsearch.
    elasticsearchAwsAccessKey string
    AWS IAM access key.
    elasticsearchAwsRegion string
    The AWS region the Elasticsearch domain is configured.
    elasticsearchAwsSecretAccessKey string
    AWS IAM secret access key.
    elasticsearchIndexedFieldLengthLimit number
    Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
    elasticsearchIndexedFileSizeLimitKb number
    Maximum size of repository and wiki files that are indexed by Elasticsearch.
    elasticsearchIndexing boolean
    Enable Elasticsearch indexing.
    elasticsearchLimitIndexing boolean
    Limit Elasticsearch to index certain namespaces and projects.
    elasticsearchMaxBulkConcurrency number
    Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
    elasticsearchMaxBulkSizeMb number
    Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
    elasticsearchNamespaceIds number[]
    The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
    elasticsearchPassword string
    The password of your Elasticsearch instance.
    elasticsearchProjectIds number[]
    The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
    elasticsearchSearch boolean
    Enable Elasticsearch search.
    elasticsearchUrls string[]
    The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
    elasticsearchUsername string
    The username of your Elasticsearch instance.
    emailAdditionalText string
    Additional text added to the bottom of every email for legal/auditing/compliance reasons.
    emailAuthorInBody boolean
    Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
    enabledGitAccessProtocol string
    Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
    enforceNamespaceStorageLimit boolean
    Enabling this permits enforcement of namespace storage limits.
    enforceTerms boolean
    (If enabled, requires: terms) Enforce application ToS to all users.
    externalAuthClientCert string
    (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
    externalAuthClientKey string
    Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
    externalAuthClientKeyPass string
    Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
    externalAuthorizationServiceDefaultLabel string
    The default classification label to use when requesting authorization and no classification label has been specified on the project.
    externalAuthorizationServiceEnabled boolean
    (If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
    externalAuthorizationServiceTimeout number
    The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
    externalAuthorizationServiceUrl string
    URL to which authorization requests are directed.
    externalPipelineValidationServiceTimeout number
    How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
    externalPipelineValidationServiceToken string
    Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
    externalPipelineValidationServiceUrl string
    URL to use for pipeline validation requests.
    fileTemplateProjectId number
    The ID of a project to load custom file templates from.
    firstDayOfWeek number
    Start day of the week for calendar views and date pickers. Valid values are 0 for Sunday, 1 for Monday, and 6 for Saturday.
    geoNodeAllowedIps string
    Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
    geoStatusTimeout number
    The amount of seconds after which a request to get a secondary node status times out.
    gitRateLimitUsersAllowlists string[]
    List of usernames excluded from Git anti-abuse rate limits. Maximum: 100 usernames. Introduced in GitLab 15.2.
    gitTwoFactorSessionExpiry number
    Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
    gitalyTimeoutDefault number
    Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
    gitalyTimeoutFast number
    Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
    gitalyTimeoutMedium number
    Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
    grafanaEnabled boolean
    Enable Grafana.
    grafanaUrl string
    Grafana URL.
    gravatarEnabled boolean
    Enable Gravatar.
    groupOwnersCanManageDefaultBranchProtection boolean
    Prevent overrides of default branch protection.
    hashedStorageEnabled boolean
    Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
    helpPageHideCommercialContent boolean
    Hide marketing-related entries from help.
    helpPageSupportUrl string
    Alternate support URL for help page and help dropdown.
    helpPageText string
    Custom text displayed on the help page.
    helpText string
    GitLab server administrator information.
    hideThirdPartyOffers boolean
    Do not display offers from third parties in GitLab.
    homePageUrl string
    Redirect to this URL when not logged in.
    housekeepingEnabled boolean
    Enable or disable Git housekeeping. If enabled, requires either housekeepingoptimizerepositoryperiod OR housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod. Options housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod are deprecated. Use housekeepingoptimizerepositoryperiod instead.
    housekeepingFullRepackPeriod number
    Number of Git pushes after which an incremental git repack is run.

    Deprecated:housekeeping_full_repack_period is deprecated. Use housekeeping_optimize_repository_period instead.

    housekeepingGcPeriod number
    Number of Git pushes after which git gc is run.

    Deprecated:housekeeping_gc_period is deprecated. Use housekeeping_optimize_repository_period instead.

    housekeepingIncrementalRepackPeriod number
    Number of Git pushes after which an incremental git repack is run.

    Deprecated:housekeeping_incremental_repack_period is deprecated. Use housekeeping_optimize_repository_period instead.

    housekeepingOptimizeRepositoryPeriod number
    Number of Git pushes after which an incremental git repack is run.
    htmlEmailsEnabled boolean
    Enable HTML emails.
    importSources string[]
    Sources to allow project import from. Valid values are: github, bitbucket, bitbucket_server, fogbugz, git, gitlab.Project, gitea, manifest
    inProductMarketingEmailsEnabled boolean
    Enable in-product marketing emails.
    inactiveProjectsDeleteAfterMonths number
    If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    inactiveProjectsMinSizeMb number
    If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    inactiveProjectsSendWarningEmailAfterMonths number
    If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    invisibleCaptchaEnabled boolean
    Enable Invisible CAPTCHA spam detection during sign-up.
    issuesCreateLimit number
    Max number of issue creation requests per minute per user.
    keepLatestArtifact boolean
    Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
    localMarkdownVersion number
    Increase this value when any cached Markdown should be invalidated.
    mailgunEventsEnabled boolean
    Enable Mailgun event receiver.
    mailgunSigningKey string
    The Mailgun HTTP webhook signing key for receiving events from webhook.
    maintenanceMode boolean
    When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
    maintenanceModeMessage string
    Message displayed when instance is in maintenance mode.
    maxArtifactsSize number
    Maximum artifacts size in MB.
    maxAttachmentSize number
    Limit attachment size in MB.
    maxExportSize number
    Maximum export size in MB. 0 for unlimited.
    maxImportSize number
    Maximum import size in MB. 0 for unlimited.
    maxNumberOfRepositoryDownloads number
    Maximum number of unique repositories a user can download in the specified time period before they are banned. Maximum: 10,000 repositories. Introduced in GitLab 15.1.
    maxNumberOfRepositoryDownloadsWithinTimePeriod number
    Reporting time period (in seconds). Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
    maxPagesSize number
    Maximum size of pages repositories in MB.
    maxPersonalAccessTokenLifetime number
    Maximum allowable lifetime for access tokens in days.
    maxSshKeyLifetime number
    Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
    metricsMethodCallThreshold number
    A method call is only tracked when it takes longer than the given amount of milliseconds.
    mirrorAvailable boolean
    Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
    mirrorCapacityThreshold number
    Minimum capacity to be available before scheduling more mirrors preemptively.
    mirrorMaxCapacity number
    Maximum number of mirrors that can be synchronizing at the same time.
    mirrorMaxDelay number
    Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
    npmPackageRequestsForwarding boolean
    Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
    outboundLocalRequestsWhitelists string[]
    Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
    packageRegistryCleanupPoliciesWorkerCapacity number
    Number of workers assigned to the packages cleanup policies.
    pagesDomainVerificationEnabled boolean
    Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
    passwordAuthenticationEnabledForGit boolean
    Enable authentication for Git over HTTP(S) via a GitLab account password.
    passwordAuthenticationEnabledForWeb boolean
    Enable authentication for the web interface via a GitLab account password.
    passwordLowercaseRequired boolean
    Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
    passwordNumberRequired boolean
    Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
    passwordSymbolRequired boolean
    Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
    passwordUppercaseRequired boolean
    Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
    performanceBarAllowedGroupPath string
    Path of the group that is allowed to toggle the performance bar.
    personalAccessTokenPrefix string
    Prefix for all generated personal access tokens.
    pipelineLimitPerProjectUserSha number
    Maximum number of pipeline creation requests per minute per user and commit.
    plantumlEnabled boolean
    (If enabled, requires: plantuml_url) Enable PlantUML integration.
    plantumlUrl string
    The PlantUML instance URL for integration.
    pollingIntervalMultiplier number
    Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
    projectExportEnabled boolean
    Enable project export.
    prometheusMetricsEnabled boolean
    Enable Prometheus metrics.
    protectedCiVariables boolean
    CI/CD variables are protected by default.
    pushEventActivitiesLimit number
    Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
    pushEventHooksLimit number
    Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
    pypiPackageRequestsForwarding boolean
    Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
    rateLimitingResponseText string
    When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
    rawBlobRequestLimit number
    Max number of requests per minute for each raw path. To disable throttling set to 0.
    recaptchaEnabled boolean
    (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
    recaptchaPrivateKey string
    Private key for reCAPTCHA.
    recaptchaSiteKey string
    Site key for reCAPTCHA.
    receiveMaxInputSize number
    Maximum push size (MB).
    repositoryChecksEnabled boolean
    GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
    repositorySizeLimit number
    Size limit per repository (MB).
    repositoryStorages string[]
    (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
    repositoryStoragesWeighted {[key: string]: number}
    (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
    requireAdminApprovalAfterUserSignup boolean
    When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
    requireTwoFactorAuthentication boolean
    (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
    restrictedVisibilityLevels string[]
    Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Null means there is no restriction.
    rsaKeyRestriction number
    The minimum allowed bit length of an uploaded RSA key. 0 means no restriction. -1 disables RSA keys.
    searchRateLimit number
    Max number of requests per minute for performing a search while authenticated. To disable throttling set to 0.
    searchRateLimitUnauthenticated number
    Max number of requests per minute for performing a search while unauthenticated. To disable throttling set to 0.
    sendUserConfirmationEmail boolean
    Send confirmation email on sign-up.
    sessionExpireDelay number
    Session duration in minutes. GitLab restart is required to apply changes.
    sharedRunnersEnabled boolean
    (If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
    sharedRunnersMinutes number
    Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
    sharedRunnersText string
    Shared runners text.
    sidekiqJobLimiterCompressionThresholdBytes number
    The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis.
    sidekiqJobLimiterLimitBytes number
    The threshold in bytes at which Sidekiq jobs are rejected. 0 means do not reject any job.
    sidekiqJobLimiterMode string
    track or compress. Sets the behavior for Sidekiq job size limits.
    signInText string
    Text on the login page.
    signupEnabled boolean
    Enable registration.
    slackAppEnabled boolean
    (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
    slackAppId string
    The app ID of the Slack-app.
    slackAppSecret string
    The app secret of the Slack-app.
    slackAppSigningSecret string
    The signing secret of the Slack-app.
    slackAppVerificationToken string
    The verification token of the Slack-app.
    snippetSizeLimit number
    Max snippet content size in bytes.
    snowplowAppId string
    The Snowplow site name / application ID. (for example, gitlab)
    snowplowCollectorHostname string
    The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
    snowplowCookieDomain string
    The Snowplow cookie domain. (for example, .gitlab.com)
    snowplowEnabled boolean
    Enable snowplow tracking.
    sourcegraphEnabled boolean
    Enables Sourcegraph integration. If enabled, requires sourcegraph_url.
    sourcegraphPublicOnly boolean
    Blocks Sourcegraph from being loaded on private and internal projects.
    sourcegraphUrl string
    The Sourcegraph instance URL for integration.
    spamCheckApiKey string
    API key used by GitLab for accessing the Spam Check service endpoint.
    spamCheckEndpointEnabled boolean
    Enables spam checking using external Spam Check API endpoint.
    spamCheckEndpointUrl string
    URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
    suggestPipelineEnabled boolean
    Enable pipeline suggestion banner.
    terminalMaxSessionTime number
    Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
    terms string
    (Required by: enforce_terms) Markdown content for the ToS.
    throttleAuthenticatedApiEnabled boolean
    (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttleAuthenticatedApiPeriodInSeconds number
    Rate limit period (in seconds).
    throttleAuthenticatedApiRequestsPerPeriod number
    Maximum requests per period per user.
    throttleAuthenticatedPackagesApiEnabled boolean
    (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
    throttleAuthenticatedPackagesApiPeriodInSeconds number
    Rate limit period (in seconds). View Package Registry rate limits for more details.
    throttleAuthenticatedPackagesApiRequestsPerPeriod number
    Maximum requests per period per user. View Package Registry rate limits for more details.
    throttleAuthenticatedWebEnabled boolean
    (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttleAuthenticatedWebPeriodInSeconds number
    Rate limit period (in seconds).
    throttleAuthenticatedWebRequestsPerPeriod number
    Maximum requests per period per user.
    throttleUnauthenticatedApiEnabled boolean
    (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttleUnauthenticatedApiPeriodInSeconds number
    Rate limit period in seconds.
    throttleUnauthenticatedApiRequestsPerPeriod number
    Max requests per period per IP.
    throttleUnauthenticatedPackagesApiEnabled boolean
    (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
    throttleUnauthenticatedPackagesApiPeriodInSeconds number
    Rate limit period (in seconds). View Package Registry rate limits for more details.
    throttleUnauthenticatedPackagesApiRequestsPerPeriod number
    Maximum requests per period per user. View Package Registry rate limits for more details.
    throttleUnauthenticatedWebEnabled boolean
    (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttleUnauthenticatedWebPeriodInSeconds number
    Rate limit period in seconds.
    throttleUnauthenticatedWebRequestsPerPeriod number
    Max requests per period per IP.
    timeTrackingLimitToHours boolean
    Limit display of time tracking units to hours.
    twoFactorGracePeriod number
    Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
    uniqueIpsLimitEnabled boolean
    (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
    uniqueIpsLimitPerUser number
    Maximum number of IPs per user.
    uniqueIpsLimitTimeWindow number
    How many seconds an IP is counted towards the limit.
    usagePingEnabled boolean
    Every week GitLab reports license usage back to GitLab, Inc.
    userDeactivationEmailsEnabled boolean
    Send an email to users upon account deactivation.
    userDefaultExternal boolean
    Newly registered users are external by default.
    userDefaultInternalRegex string
    Specify an email address regex pattern to identify default internal users.
    userOauthApplications boolean
    Allow users to register any application to use GitLab as an OAuth provider.
    userShowAddSshKeyMessage boolean
    When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
    versionCheckEnabled boolean
    Let GitLab inform you when an update is available.
    webIdeClientsidePreviewEnabled boolean
    Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
    whatsNewVariant string
    What’s new variant, possible values: alltiers, currenttier, and disabled.
    wikiPageMaxContentBytes number
    Maximum wiki page content size in bytes. The minimum value is 1024 bytes.
    abuse_notification_email str
    If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
    admin_mode bool
    Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
    after_sign_out_path str
    Where to redirect users after logout.
    after_sign_up_text str
    Text shown to the user after signing up.
    akismet_api_key str
    API key for Akismet spam protection.
    akismet_enabled bool
    (If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
    allow_group_owners_to_manage_ldap bool
    Set to true to allow group owners to manage LDAP.
    allow_local_requests_from_system_hooks bool
    Allow requests to the local network from system hooks.
    allow_local_requests_from_web_hooks_and_services bool
    Allow requests to the local network from web hooks and services.
    archive_builds_in_human_readable str
    Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
    asset_proxy_allowlists Sequence[str]
    Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
    asset_proxy_enabled bool
    (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
    asset_proxy_secret_key str
    Shared secret with the asset proxy server. GitLab restart is required to apply changes.
    asset_proxy_url str
    URL of the asset proxy server. GitLab restart is required to apply changes.
    authorized_keys_enabled bool
    By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
    auto_devops_domain str
    Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
    auto_devops_enabled bool
    Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
    automatic_purchased_storage_allocation bool
    Enabling this permits automatic allocation of purchased storage in a namespace.
    can_create_group bool
    Indicates whether users can create top-level groups. Introduced in GitLab 15.5.
    check_namespace_plan bool
    Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
    commit_email_hostname str
    Custom hostname (for private commit emails).
    container_expiration_policies_enable_historic_entries bool
    Enable cleanup policies for all projects.
    container_registry_cleanup_tags_service_max_list_size int
    The maximum number of tags that can be deleted in a single execution of cleanup policies.
    container_registry_delete_tags_service_timeout int
    The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
    container_registry_expiration_policies_caching bool
    Caching during the execution of cleanup policies.
    container_registry_expiration_policies_worker_capacity int
    Number of workers for cleanup policies.
    container_registry_token_expire_delay int
    Container Registry token duration in minutes.
    deactivate_dormant_users bool
    Enable automatic deactivation of dormant users.
    default_artifacts_expire_in str
    Set the default expiration time for each job’s artifacts.
    default_branch_name str
    Instance-level custom initial branch name (introduced in GitLab 13.2).
    default_branch_protection int
    Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
    default_ci_config_path str
    Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
    default_group_visibility str
    What visibility level new groups receive. Can take private, internal and public as a parameter.
    default_project_creation int
    Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
    default_project_visibility str
    What visibility level new projects receive. Can take private, internal and public as a parameter.
    default_projects_limit int
    Project limit per user.
    default_snippet_visibility str
    What visibility level new snippets receive. Can take private, internal and public as a parameter.
    delete_inactive_projects bool
    Enable inactive project deletion feature. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion).
    deletion_adjourned_period int
    The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90.
    diff_max_files int
    Maximum files in a diff.
    diff_max_lines int
    Maximum lines in a diff.
    diff_max_patch_bytes int
    Maximum diff patch size, in bytes.
    disable_feed_token bool
    Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
    disabled_oauth_sign_in_sources Sequence[str]
    Disabled OAuth sign-in sources.
    dns_rebinding_protection_enabled bool
    Enforce DNS rebinding attack protection.
    domain_allowlists Sequence[str]
    Force people to use only corporate emails for sign-up. Null means there is no restriction.
    domain_denylist_enabled bool
    (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
    domain_denylists Sequence[str]
    Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
    dsa_key_restriction int
    The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys.
    ecdsa_key_restriction int
    The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys.
    ecdsa_sk_key_restriction int
    The minimum allowed curve size (in bits) of an uploaded ECDSASK key. 0 means no restriction. -1 disables ECDSASK keys.
    ed25519_key_restriction int
    The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys.
    ed25519_sk_key_restriction int
    The minimum allowed curve size (in bits) of an uploaded ED25519SK key. 0 means no restriction. -1 disables ED25519SK keys.
    eks_access_key_id str
    AWS IAM access key ID.
    eks_account_id str
    Amazon account ID.
    eks_integration_enabled bool
    Enable integration with Amazon EKS.
    eks_secret_access_key str
    AWS IAM secret access key.
    elasticsearch_aws bool
    Enable the use of AWS hosted Elasticsearch.
    elasticsearch_aws_access_key str
    AWS IAM access key.
    elasticsearch_aws_region str
    The AWS region the Elasticsearch domain is configured.
    elasticsearch_aws_secret_access_key str
    AWS IAM secret access key.
    elasticsearch_indexed_field_length_limit int
    Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
    elasticsearch_indexed_file_size_limit_kb int
    Maximum size of repository and wiki files that are indexed by Elasticsearch.
    elasticsearch_indexing bool
    Enable Elasticsearch indexing.
    elasticsearch_limit_indexing bool
    Limit Elasticsearch to index certain namespaces and projects.
    elasticsearch_max_bulk_concurrency int
    Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
    elasticsearch_max_bulk_size_mb int
    Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
    elasticsearch_namespace_ids Sequence[int]
    The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
    elasticsearch_password str
    The password of your Elasticsearch instance.
    elasticsearch_project_ids Sequence[int]
    The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
    elasticsearch_search bool
    Enable Elasticsearch search.
    elasticsearch_urls Sequence[str]
    The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
    elasticsearch_username str
    The username of your Elasticsearch instance.
    email_additional_text str
    Additional text added to the bottom of every email for legal/auditing/compliance reasons.
    email_author_in_body bool
    Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
    enabled_git_access_protocol str
    Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
    enforce_namespace_storage_limit bool
    Enabling this permits enforcement of namespace storage limits.
    enforce_terms bool
    (If enabled, requires: terms) Enforce application ToS to all users.
    external_auth_client_cert str
    (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
    external_auth_client_key str
    Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
    external_auth_client_key_pass str
    Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
    external_authorization_service_default_label str
    The default classification label to use when requesting authorization and no classification label has been specified on the project.
    external_authorization_service_enabled bool
    (If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
    external_authorization_service_timeout float
    The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
    external_authorization_service_url str
    URL to which authorization requests are directed.
    external_pipeline_validation_service_timeout int
    How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
    external_pipeline_validation_service_token str
    Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
    external_pipeline_validation_service_url str
    URL to use for pipeline validation requests.
    file_template_project_id int
    The ID of a project to load custom file templates from.
    first_day_of_week int
    Start day of the week for calendar views and date pickers. Valid values are 0 for Sunday, 1 for Monday, and 6 for Saturday.
    geo_node_allowed_ips str
    Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
    geo_status_timeout int
    The amount of seconds after which a request to get a secondary node status times out.
    git_rate_limit_users_allowlists Sequence[str]
    List of usernames excluded from Git anti-abuse rate limits. Maximum: 100 usernames. Introduced in GitLab 15.2.
    git_two_factor_session_expiry int
    Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
    gitaly_timeout_default int
    Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
    gitaly_timeout_fast int
    Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
    gitaly_timeout_medium int
    Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
    grafana_enabled bool
    Enable Grafana.
    grafana_url str
    Grafana URL.
    gravatar_enabled bool
    Enable Gravatar.
    group_owners_can_manage_default_branch_protection bool
    Prevent overrides of default branch protection.
    hashed_storage_enabled bool
    Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
    help_page_hide_commercial_content bool
    Hide marketing-related entries from help.
    help_page_support_url str
    Alternate support URL for help page and help dropdown.
    help_page_text str
    Custom text displayed on the help page.
    help_text str
    GitLab server administrator information.
    hide_third_party_offers bool
    Do not display offers from third parties in GitLab.
    home_page_url str
    Redirect to this URL when not logged in.
    housekeeping_enabled bool
    Enable or disable Git housekeeping. If enabled, requires either housekeepingoptimizerepositoryperiod OR housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod. Options housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod are deprecated. Use housekeepingoptimizerepositoryperiod instead.
    housekeeping_full_repack_period int
    Number of Git pushes after which an incremental git repack is run.

    Deprecated:housekeeping_full_repack_period is deprecated. Use housekeeping_optimize_repository_period instead.

    housekeeping_gc_period int
    Number of Git pushes after which git gc is run.

    Deprecated:housekeeping_gc_period is deprecated. Use housekeeping_optimize_repository_period instead.

    housekeeping_incremental_repack_period int
    Number of Git pushes after which an incremental git repack is run.

    Deprecated:housekeeping_incremental_repack_period is deprecated. Use housekeeping_optimize_repository_period instead.

    housekeeping_optimize_repository_period int
    Number of Git pushes after which an incremental git repack is run.
    html_emails_enabled bool
    Enable HTML emails.
    import_sources Sequence[str]
    Sources to allow project import from. Valid values are: github, bitbucket, bitbucket_server, fogbugz, git, gitlab.Project, gitea, manifest
    in_product_marketing_emails_enabled bool
    Enable in-product marketing emails.
    inactive_projects_delete_after_months int
    If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    inactive_projects_min_size_mb int
    If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    inactive_projects_send_warning_email_after_months int
    If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    invisible_captcha_enabled bool
    Enable Invisible CAPTCHA spam detection during sign-up.
    issues_create_limit int
    Max number of issue creation requests per minute per user.
    keep_latest_artifact bool
    Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
    local_markdown_version int
    Increase this value when any cached Markdown should be invalidated.
    mailgun_events_enabled bool
    Enable Mailgun event receiver.
    mailgun_signing_key str
    The Mailgun HTTP webhook signing key for receiving events from webhook.
    maintenance_mode bool
    When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
    maintenance_mode_message str
    Message displayed when instance is in maintenance mode.
    max_artifacts_size int
    Maximum artifacts size in MB.
    max_attachment_size int
    Limit attachment size in MB.
    max_export_size int
    Maximum export size in MB. 0 for unlimited.
    max_import_size int
    Maximum import size in MB. 0 for unlimited.
    max_number_of_repository_downloads int
    Maximum number of unique repositories a user can download in the specified time period before they are banned. Maximum: 10,000 repositories. Introduced in GitLab 15.1.
    max_number_of_repository_downloads_within_time_period int
    Reporting time period (in seconds). Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
    max_pages_size int
    Maximum size of pages repositories in MB.
    max_personal_access_token_lifetime int
    Maximum allowable lifetime for access tokens in days.
    max_ssh_key_lifetime int
    Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
    metrics_method_call_threshold int
    A method call is only tracked when it takes longer than the given amount of milliseconds.
    mirror_available bool
    Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
    mirror_capacity_threshold int
    Minimum capacity to be available before scheduling more mirrors preemptively.
    mirror_max_capacity int
    Maximum number of mirrors that can be synchronizing at the same time.
    mirror_max_delay int
    Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
    npm_package_requests_forwarding bool
    Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
    outbound_local_requests_whitelists Sequence[str]
    Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
    package_registry_cleanup_policies_worker_capacity int
    Number of workers assigned to the packages cleanup policies.
    pages_domain_verification_enabled bool
    Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
    password_authentication_enabled_for_git bool
    Enable authentication for Git over HTTP(S) via a GitLab account password.
    password_authentication_enabled_for_web bool
    Enable authentication for the web interface via a GitLab account password.
    password_lowercase_required bool
    Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
    password_number_required bool
    Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
    password_symbol_required bool
    Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
    password_uppercase_required bool
    Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
    performance_bar_allowed_group_path str
    Path of the group that is allowed to toggle the performance bar.
    personal_access_token_prefix str
    Prefix for all generated personal access tokens.
    pipeline_limit_per_project_user_sha int
    Maximum number of pipeline creation requests per minute per user and commit.
    plantuml_enabled bool
    (If enabled, requires: plantuml_url) Enable PlantUML integration.
    plantuml_url str
    The PlantUML instance URL for integration.
    polling_interval_multiplier float
    Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
    project_export_enabled bool
    Enable project export.
    prometheus_metrics_enabled bool
    Enable Prometheus metrics.
    protected_ci_variables bool
    CI/CD variables are protected by default.
    push_event_activities_limit int
    Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
    push_event_hooks_limit int
    Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
    pypi_package_requests_forwarding bool
    Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
    rate_limiting_response_text str
    When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
    raw_blob_request_limit int
    Max number of requests per minute for each raw path. To disable throttling set to 0.
    recaptcha_enabled bool
    (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
    recaptcha_private_key str
    Private key for reCAPTCHA.
    recaptcha_site_key str
    Site key for reCAPTCHA.
    receive_max_input_size int
    Maximum push size (MB).
    repository_checks_enabled bool
    GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
    repository_size_limit int
    Size limit per repository (MB).
    repository_storages Sequence[str]
    (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
    repository_storages_weighted Mapping[str, int]
    (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
    require_admin_approval_after_user_signup bool
    When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
    require_two_factor_authentication bool
    (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
    restricted_visibility_levels Sequence[str]
    Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Null means there is no restriction.
    rsa_key_restriction int
    The minimum allowed bit length of an uploaded RSA key. 0 means no restriction. -1 disables RSA keys.
    search_rate_limit int
    Max number of requests per minute for performing a search while authenticated. To disable throttling set to 0.
    search_rate_limit_unauthenticated int
    Max number of requests per minute for performing a search while unauthenticated. To disable throttling set to 0.
    send_user_confirmation_email bool
    Send confirmation email on sign-up.
    session_expire_delay int
    Session duration in minutes. GitLab restart is required to apply changes.
    shared_runners_enabled bool
    (If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
    shared_runners_minutes int
    Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
    shared_runners_text str
    Shared runners text.
    sidekiq_job_limiter_compression_threshold_bytes int
    The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis.
    sidekiq_job_limiter_limit_bytes int
    The threshold in bytes at which Sidekiq jobs are rejected. 0 means do not reject any job.
    sidekiq_job_limiter_mode str
    track or compress. Sets the behavior for Sidekiq job size limits.
    sign_in_text str
    Text on the login page.
    signup_enabled bool
    Enable registration.
    slack_app_enabled bool
    (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
    slack_app_id str
    The app ID of the Slack-app.
    slack_app_secret str
    The app secret of the Slack-app.
    slack_app_signing_secret str
    The signing secret of the Slack-app.
    slack_app_verification_token str
    The verification token of the Slack-app.
    snippet_size_limit int
    Max snippet content size in bytes.
    snowplow_app_id str
    The Snowplow site name / application ID. (for example, gitlab)
    snowplow_collector_hostname str
    The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
    snowplow_cookie_domain str
    The Snowplow cookie domain. (for example, .gitlab.com)
    snowplow_enabled bool
    Enable snowplow tracking.
    sourcegraph_enabled bool
    Enables Sourcegraph integration. If enabled, requires sourcegraph_url.
    sourcegraph_public_only bool
    Blocks Sourcegraph from being loaded on private and internal projects.
    sourcegraph_url str
    The Sourcegraph instance URL for integration.
    spam_check_api_key str
    API key used by GitLab for accessing the Spam Check service endpoint.
    spam_check_endpoint_enabled bool
    Enables spam checking using external Spam Check API endpoint.
    spam_check_endpoint_url str
    URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
    suggest_pipeline_enabled bool
    Enable pipeline suggestion banner.
    terminal_max_session_time int
    Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
    terms str
    (Required by: enforce_terms) Markdown content for the ToS.
    throttle_authenticated_api_enabled bool
    (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttle_authenticated_api_period_in_seconds int
    Rate limit period (in seconds).
    throttle_authenticated_api_requests_per_period int
    Maximum requests per period per user.
    throttle_authenticated_packages_api_enabled bool
    (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
    throttle_authenticated_packages_api_period_in_seconds int
    Rate limit period (in seconds). View Package Registry rate limits for more details.
    throttle_authenticated_packages_api_requests_per_period int
    Maximum requests per period per user. View Package Registry rate limits for more details.
    throttle_authenticated_web_enabled bool
    (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttle_authenticated_web_period_in_seconds int
    Rate limit period (in seconds).
    throttle_authenticated_web_requests_per_period int
    Maximum requests per period per user.
    throttle_unauthenticated_api_enabled bool
    (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttle_unauthenticated_api_period_in_seconds int
    Rate limit period in seconds.
    throttle_unauthenticated_api_requests_per_period int
    Max requests per period per IP.
    throttle_unauthenticated_packages_api_enabled bool
    (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
    throttle_unauthenticated_packages_api_period_in_seconds int
    Rate limit period (in seconds). View Package Registry rate limits for more details.
    throttle_unauthenticated_packages_api_requests_per_period int
    Maximum requests per period per user. View Package Registry rate limits for more details.
    throttle_unauthenticated_web_enabled bool
    (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttle_unauthenticated_web_period_in_seconds int
    Rate limit period in seconds.
    throttle_unauthenticated_web_requests_per_period int
    Max requests per period per IP.
    time_tracking_limit_to_hours bool
    Limit display of time tracking units to hours.
    two_factor_grace_period int
    Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
    unique_ips_limit_enabled bool
    (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
    unique_ips_limit_per_user int
    Maximum number of IPs per user.
    unique_ips_limit_time_window int
    How many seconds an IP is counted towards the limit.
    usage_ping_enabled bool
    Every week GitLab reports license usage back to GitLab, Inc.
    user_deactivation_emails_enabled bool
    Send an email to users upon account deactivation.
    user_default_external bool
    Newly registered users are external by default.
    user_default_internal_regex str
    Specify an email address regex pattern to identify default internal users.
    user_oauth_applications bool
    Allow users to register any application to use GitLab as an OAuth provider.
    user_show_add_ssh_key_message bool
    When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
    version_check_enabled bool
    Let GitLab inform you when an update is available.
    web_ide_clientside_preview_enabled bool
    Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
    whats_new_variant str
    What’s new variant, possible values: alltiers, currenttier, and disabled.
    wiki_page_max_content_bytes int
    Maximum wiki page content size in bytes. The minimum value is 1024 bytes.
    abuseNotificationEmail String
    If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
    adminMode Boolean
    Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
    afterSignOutPath String
    Where to redirect users after logout.
    afterSignUpText String
    Text shown to the user after signing up.
    akismetApiKey String
    API key for Akismet spam protection.
    akismetEnabled Boolean
    (If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
    allowGroupOwnersToManageLdap Boolean
    Set to true to allow group owners to manage LDAP.
    allowLocalRequestsFromSystemHooks Boolean
    Allow requests to the local network from system hooks.
    allowLocalRequestsFromWebHooksAndServices Boolean
    Allow requests to the local network from web hooks and services.
    archiveBuildsInHumanReadable String
    Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
    assetProxyAllowlists List<String>
    Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
    assetProxyEnabled Boolean
    (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
    assetProxySecretKey String
    Shared secret with the asset proxy server. GitLab restart is required to apply changes.
    assetProxyUrl String
    URL of the asset proxy server. GitLab restart is required to apply changes.
    authorizedKeysEnabled Boolean
    By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
    autoDevopsDomain String
    Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
    autoDevopsEnabled Boolean
    Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
    automaticPurchasedStorageAllocation Boolean
    Enabling this permits automatic allocation of purchased storage in a namespace.
    canCreateGroup Boolean
    Indicates whether users can create top-level groups. Introduced in GitLab 15.5.
    checkNamespacePlan Boolean
    Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
    commitEmailHostname String
    Custom hostname (for private commit emails).
    containerExpirationPoliciesEnableHistoricEntries Boolean
    Enable cleanup policies for all projects.
    containerRegistryCleanupTagsServiceMaxListSize Number
    The maximum number of tags that can be deleted in a single execution of cleanup policies.
    containerRegistryDeleteTagsServiceTimeout Number
    The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
    containerRegistryExpirationPoliciesCaching Boolean
    Caching during the execution of cleanup policies.
    containerRegistryExpirationPoliciesWorkerCapacity Number
    Number of workers for cleanup policies.
    containerRegistryTokenExpireDelay Number
    Container Registry token duration in minutes.
    deactivateDormantUsers Boolean
    Enable automatic deactivation of dormant users.
    defaultArtifactsExpireIn String
    Set the default expiration time for each job’s artifacts.
    defaultBranchName String
    Instance-level custom initial branch name (introduced in GitLab 13.2).
    defaultBranchProtection Number
    Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
    defaultCiConfigPath String
    Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
    defaultGroupVisibility String
    What visibility level new groups receive. Can take private, internal and public as a parameter.
    defaultProjectCreation Number
    Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
    defaultProjectVisibility String
    What visibility level new projects receive. Can take private, internal and public as a parameter.
    defaultProjectsLimit Number
    Project limit per user.
    defaultSnippetVisibility String
    What visibility level new snippets receive. Can take private, internal and public as a parameter.
    deleteInactiveProjects Boolean
    Enable inactive project deletion feature. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion).
    deletionAdjournedPeriod Number
    The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90.
    diffMaxFiles Number
    Maximum files in a diff.
    diffMaxLines Number
    Maximum lines in a diff.
    diffMaxPatchBytes Number
    Maximum diff patch size, in bytes.
    disableFeedToken Boolean
    Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
    disabledOauthSignInSources List<String>
    Disabled OAuth sign-in sources.
    dnsRebindingProtectionEnabled Boolean
    Enforce DNS rebinding attack protection.
    domainAllowlists List<String>
    Force people to use only corporate emails for sign-up. Null means there is no restriction.
    domainDenylistEnabled Boolean
    (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
    domainDenylists List<String>
    Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
    dsaKeyRestriction Number
    The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys.
    ecdsaKeyRestriction Number
    The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys.
    ecdsaSkKeyRestriction Number
    The minimum allowed curve size (in bits) of an uploaded ECDSASK key. 0 means no restriction. -1 disables ECDSASK keys.
    ed25519KeyRestriction Number
    The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys.
    ed25519SkKeyRestriction Number
    The minimum allowed curve size (in bits) of an uploaded ED25519SK key. 0 means no restriction. -1 disables ED25519SK keys.
    eksAccessKeyId String
    AWS IAM access key ID.
    eksAccountId String
    Amazon account ID.
    eksIntegrationEnabled Boolean
    Enable integration with Amazon EKS.
    eksSecretAccessKey String
    AWS IAM secret access key.
    elasticsearchAws Boolean
    Enable the use of AWS hosted Elasticsearch.
    elasticsearchAwsAccessKey String
    AWS IAM access key.
    elasticsearchAwsRegion String
    The AWS region the Elasticsearch domain is configured.
    elasticsearchAwsSecretAccessKey String
    AWS IAM secret access key.
    elasticsearchIndexedFieldLengthLimit Number
    Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
    elasticsearchIndexedFileSizeLimitKb Number
    Maximum size of repository and wiki files that are indexed by Elasticsearch.
    elasticsearchIndexing Boolean
    Enable Elasticsearch indexing.
    elasticsearchLimitIndexing Boolean
    Limit Elasticsearch to index certain namespaces and projects.
    elasticsearchMaxBulkConcurrency Number
    Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
    elasticsearchMaxBulkSizeMb Number
    Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
    elasticsearchNamespaceIds List<Number>
    The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
    elasticsearchPassword String
    The password of your Elasticsearch instance.
    elasticsearchProjectIds List<Number>
    The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
    elasticsearchSearch Boolean
    Enable Elasticsearch search.
    elasticsearchUrls List<String>
    The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
    elasticsearchUsername String
    The username of your Elasticsearch instance.
    emailAdditionalText String
    Additional text added to the bottom of every email for legal/auditing/compliance reasons.
    emailAuthorInBody Boolean
    Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
    enabledGitAccessProtocol String
    Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
    enforceNamespaceStorageLimit Boolean
    Enabling this permits enforcement of namespace storage limits.
    enforceTerms Boolean
    (If enabled, requires: terms) Enforce application ToS to all users.
    externalAuthClientCert String
    (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
    externalAuthClientKey String
    Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
    externalAuthClientKeyPass String
    Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
    externalAuthorizationServiceDefaultLabel String
    The default classification label to use when requesting authorization and no classification label has been specified on the project.
    externalAuthorizationServiceEnabled Boolean
    (If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
    externalAuthorizationServiceTimeout Number
    The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
    externalAuthorizationServiceUrl String
    URL to which authorization requests are directed.
    externalPipelineValidationServiceTimeout Number
    How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
    externalPipelineValidationServiceToken String
    Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
    externalPipelineValidationServiceUrl String
    URL to use for pipeline validation requests.
    fileTemplateProjectId Number
    The ID of a project to load custom file templates from.
    firstDayOfWeek Number
    Start day of the week for calendar views and date pickers. Valid values are 0 for Sunday, 1 for Monday, and 6 for Saturday.
    geoNodeAllowedIps String
    Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
    geoStatusTimeout Number
    The amount of seconds after which a request to get a secondary node status times out.
    gitRateLimitUsersAllowlists List<String>
    List of usernames excluded from Git anti-abuse rate limits. Maximum: 100 usernames. Introduced in GitLab 15.2.
    gitTwoFactorSessionExpiry Number
    Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
    gitalyTimeoutDefault Number
    Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
    gitalyTimeoutFast Number
    Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
    gitalyTimeoutMedium Number
    Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
    grafanaEnabled Boolean
    Enable Grafana.
    grafanaUrl String
    Grafana URL.
    gravatarEnabled Boolean
    Enable Gravatar.
    groupOwnersCanManageDefaultBranchProtection Boolean
    Prevent overrides of default branch protection.
    hashedStorageEnabled Boolean
    Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
    helpPageHideCommercialContent Boolean
    Hide marketing-related entries from help.
    helpPageSupportUrl String
    Alternate support URL for help page and help dropdown.
    helpPageText String
    Custom text displayed on the help page.
    helpText String
    GitLab server administrator information.
    hideThirdPartyOffers Boolean
    Do not display offers from third parties in GitLab.
    homePageUrl String
    Redirect to this URL when not logged in.
    housekeepingEnabled Boolean
    Enable or disable Git housekeeping. If enabled, requires either housekeepingoptimizerepositoryperiod OR housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod. Options housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod are deprecated. Use housekeepingoptimizerepositoryperiod instead.
    housekeepingFullRepackPeriod Number
    Number of Git pushes after which an incremental git repack is run.

    Deprecated:housekeeping_full_repack_period is deprecated. Use housekeeping_optimize_repository_period instead.

    housekeepingGcPeriod Number
    Number of Git pushes after which git gc is run.

    Deprecated:housekeeping_gc_period is deprecated. Use housekeeping_optimize_repository_period instead.

    housekeepingIncrementalRepackPeriod Number
    Number of Git pushes after which an incremental git repack is run.

    Deprecated:housekeeping_incremental_repack_period is deprecated. Use housekeeping_optimize_repository_period instead.

    housekeepingOptimizeRepositoryPeriod Number
    Number of Git pushes after which an incremental git repack is run.
    htmlEmailsEnabled Boolean
    Enable HTML emails.
    importSources List<String>
    Sources to allow project import from. Valid values are: github, bitbucket, bitbucket_server, fogbugz, git, gitlab.Project, gitea, manifest
    inProductMarketingEmailsEnabled Boolean
    Enable in-product marketing emails.
    inactiveProjectsDeleteAfterMonths Number
    If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    inactiveProjectsMinSizeMb Number
    If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    inactiveProjectsSendWarningEmailAfterMonths Number
    If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
    invisibleCaptchaEnabled Boolean
    Enable Invisible CAPTCHA spam detection during sign-up.
    issuesCreateLimit Number
    Max number of issue creation requests per minute per user.
    keepLatestArtifact Boolean
    Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
    localMarkdownVersion Number
    Increase this value when any cached Markdown should be invalidated.
    mailgunEventsEnabled Boolean
    Enable Mailgun event receiver.
    mailgunSigningKey String
    The Mailgun HTTP webhook signing key for receiving events from webhook.
    maintenanceMode Boolean
    When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
    maintenanceModeMessage String
    Message displayed when instance is in maintenance mode.
    maxArtifactsSize Number
    Maximum artifacts size in MB.
    maxAttachmentSize Number
    Limit attachment size in MB.
    maxExportSize Number
    Maximum export size in MB. 0 for unlimited.
    maxImportSize Number
    Maximum import size in MB. 0 for unlimited.
    maxNumberOfRepositoryDownloads Number
    Maximum number of unique repositories a user can download in the specified time period before they are banned. Maximum: 10,000 repositories. Introduced in GitLab 15.1.
    maxNumberOfRepositoryDownloadsWithinTimePeriod Number
    Reporting time period (in seconds). Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
    maxPagesSize Number
    Maximum size of pages repositories in MB.
    maxPersonalAccessTokenLifetime Number
    Maximum allowable lifetime for access tokens in days.
    maxSshKeyLifetime Number
    Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
    metricsMethodCallThreshold Number
    A method call is only tracked when it takes longer than the given amount of milliseconds.
    mirrorAvailable Boolean
    Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
    mirrorCapacityThreshold Number
    Minimum capacity to be available before scheduling more mirrors preemptively.
    mirrorMaxCapacity Number
    Maximum number of mirrors that can be synchronizing at the same time.
    mirrorMaxDelay Number
    Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
    npmPackageRequestsForwarding Boolean
    Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
    outboundLocalRequestsWhitelists List<String>
    Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
    packageRegistryCleanupPoliciesWorkerCapacity Number
    Number of workers assigned to the packages cleanup policies.
    pagesDomainVerificationEnabled Boolean
    Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
    passwordAuthenticationEnabledForGit Boolean
    Enable authentication for Git over HTTP(S) via a GitLab account password.
    passwordAuthenticationEnabledForWeb Boolean
    Enable authentication for the web interface via a GitLab account password.
    passwordLowercaseRequired Boolean
    Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
    passwordNumberRequired Boolean
    Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
    passwordSymbolRequired Boolean
    Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
    passwordUppercaseRequired Boolean
    Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
    performanceBarAllowedGroupPath String
    Path of the group that is allowed to toggle the performance bar.
    personalAccessTokenPrefix String
    Prefix for all generated personal access tokens.
    pipelineLimitPerProjectUserSha Number
    Maximum number of pipeline creation requests per minute per user and commit.
    plantumlEnabled Boolean
    (If enabled, requires: plantuml_url) Enable PlantUML integration.
    plantumlUrl String
    The PlantUML instance URL for integration.
    pollingIntervalMultiplier Number
    Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
    projectExportEnabled Boolean
    Enable project export.
    prometheusMetricsEnabled Boolean
    Enable Prometheus metrics.
    protectedCiVariables Boolean
    CI/CD variables are protected by default.
    pushEventActivitiesLimit Number
    Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
    pushEventHooksLimit Number
    Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
    pypiPackageRequestsForwarding Boolean
    Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
    rateLimitingResponseText String
    When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
    rawBlobRequestLimit Number
    Max number of requests per minute for each raw path. To disable throttling set to 0.
    recaptchaEnabled Boolean
    (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
    recaptchaPrivateKey String
    Private key for reCAPTCHA.
    recaptchaSiteKey String
    Site key for reCAPTCHA.
    receiveMaxInputSize Number
    Maximum push size (MB).
    repositoryChecksEnabled Boolean
    GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
    repositorySizeLimit Number
    Size limit per repository (MB).
    repositoryStorages List<String>
    (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
    repositoryStoragesWeighted Map<Number>
    (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
    requireAdminApprovalAfterUserSignup Boolean
    When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
    requireTwoFactorAuthentication Boolean
    (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
    restrictedVisibilityLevels List<String>
    Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Null means there is no restriction.
    rsaKeyRestriction Number
    The minimum allowed bit length of an uploaded RSA key. 0 means no restriction. -1 disables RSA keys.
    searchRateLimit Number
    Max number of requests per minute for performing a search while authenticated. To disable throttling set to 0.
    searchRateLimitUnauthenticated Number
    Max number of requests per minute for performing a search while unauthenticated. To disable throttling set to 0.
    sendUserConfirmationEmail Boolean
    Send confirmation email on sign-up.
    sessionExpireDelay Number
    Session duration in minutes. GitLab restart is required to apply changes.
    sharedRunnersEnabled Boolean
    (If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
    sharedRunnersMinutes Number
    Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
    sharedRunnersText String
    Shared runners text.
    sidekiqJobLimiterCompressionThresholdBytes Number
    The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis.
    sidekiqJobLimiterLimitBytes Number
    The threshold in bytes at which Sidekiq jobs are rejected. 0 means do not reject any job.
    sidekiqJobLimiterMode String
    track or compress. Sets the behavior for Sidekiq job size limits.
    signInText String
    Text on the login page.
    signupEnabled Boolean
    Enable registration.
    slackAppEnabled Boolean
    (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
    slackAppId String
    The app ID of the Slack-app.
    slackAppSecret String
    The app secret of the Slack-app.
    slackAppSigningSecret String
    The signing secret of the Slack-app.
    slackAppVerificationToken String
    The verification token of the Slack-app.
    snippetSizeLimit Number
    Max snippet content size in bytes.
    snowplowAppId String
    The Snowplow site name / application ID. (for example, gitlab)
    snowplowCollectorHostname String
    The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
    snowplowCookieDomain String
    The Snowplow cookie domain. (for example, .gitlab.com)
    snowplowEnabled Boolean
    Enable snowplow tracking.
    sourcegraphEnabled Boolean
    Enables Sourcegraph integration. If enabled, requires sourcegraph_url.
    sourcegraphPublicOnly Boolean
    Blocks Sourcegraph from being loaded on private and internal projects.
    sourcegraphUrl String
    The Sourcegraph instance URL for integration.
    spamCheckApiKey String
    API key used by GitLab for accessing the Spam Check service endpoint.
    spamCheckEndpointEnabled Boolean
    Enables spam checking using external Spam Check API endpoint.
    spamCheckEndpointUrl String
    URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
    suggestPipelineEnabled Boolean
    Enable pipeline suggestion banner.
    terminalMaxSessionTime Number
    Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
    terms String
    (Required by: enforce_terms) Markdown content for the ToS.
    throttleAuthenticatedApiEnabled Boolean
    (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttleAuthenticatedApiPeriodInSeconds Number
    Rate limit period (in seconds).
    throttleAuthenticatedApiRequestsPerPeriod Number
    Maximum requests per period per user.
    throttleAuthenticatedPackagesApiEnabled Boolean
    (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
    throttleAuthenticatedPackagesApiPeriodInSeconds Number
    Rate limit period (in seconds). View Package Registry rate limits for more details.
    throttleAuthenticatedPackagesApiRequestsPerPeriod Number
    Maximum requests per period per user. View Package Registry rate limits for more details.
    throttleAuthenticatedWebEnabled Boolean
    (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttleAuthenticatedWebPeriodInSeconds Number
    Rate limit period (in seconds).
    throttleAuthenticatedWebRequestsPerPeriod Number
    Maximum requests per period per user.
    throttleUnauthenticatedApiEnabled Boolean
    (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttleUnauthenticatedApiPeriodInSeconds Number
    Rate limit period in seconds.
    throttleUnauthenticatedApiRequestsPerPeriod Number
    Max requests per period per IP.
    throttleUnauthenticatedPackagesApiEnabled Boolean
    (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
    throttleUnauthenticatedPackagesApiPeriodInSeconds Number
    Rate limit period (in seconds). View Package Registry rate limits for more details.
    throttleUnauthenticatedPackagesApiRequestsPerPeriod Number
    Maximum requests per period per user. View Package Registry rate limits for more details.
    throttleUnauthenticatedWebEnabled Boolean
    (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
    throttleUnauthenticatedWebPeriodInSeconds Number
    Rate limit period in seconds.
    throttleUnauthenticatedWebRequestsPerPeriod Number
    Max requests per period per IP.
    timeTrackingLimitToHours Boolean
    Limit display of time tracking units to hours.
    twoFactorGracePeriod Number
    Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
    uniqueIpsLimitEnabled Boolean
    (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
    uniqueIpsLimitPerUser Number
    Maximum number of IPs per user.
    uniqueIpsLimitTimeWindow Number
    How many seconds an IP is counted towards the limit.
    usagePingEnabled Boolean
    Every week GitLab reports license usage back to GitLab, Inc.
    userDeactivationEmailsEnabled Boolean
    Send an email to users upon account deactivation.
    userDefaultExternal Boolean
    Newly registered users are external by default.
    userDefaultInternalRegex String
    Specify an email address regex pattern to identify default internal users.
    userOauthApplications Boolean
    Allow users to register any application to use GitLab as an OAuth provider.
    userShowAddSshKeyMessage Boolean
    When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
    versionCheckEnabled Boolean
    Let GitLab inform you when an update is available.
    webIdeClientsidePreviewEnabled Boolean
    Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
    whatsNewVariant String
    What’s new variant, possible values: alltiers, currenttier, and disabled.
    wikiPageMaxContentBytes Number
    Maximum wiki page content size in bytes. The minimum value is 1024 bytes.

    Package Details

    Repository
    GitLab pulumi/pulumi-gitlab
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the gitlab Terraform Provider.
    gitlab logo
    GitLab v6.10.0 published on Monday, Mar 25, 2024 by Pulumi