gitlab.ApplicationSettings
Example Usage
using System.Collections.Generic;
using Pulumi;
using GitLab = Pulumi.GitLab;
return await Deployment.RunAsync(() =>
{
// Set the 2FA settings
var @this = new GitLab.ApplicationSettings("this", new()
{
RequireTwoFactorAuthentication = true,
TwoFactorGracePeriod = 24,
});
});
package main
import (
"github.com/pulumi/pulumi-gitlab/sdk/v4/go/gitlab"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := gitlab.NewApplicationSettings(ctx, "this", &gitlab.ApplicationSettingsArgs{
RequireTwoFactorAuthentication: pulumi.Bool(true),
TwoFactorGracePeriod: pulumi.Int(24),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gitlab.ApplicationSettings;
import com.pulumi.gitlab.ApplicationSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var this_ = new ApplicationSettings("this", ApplicationSettingsArgs.builder()
.requireTwoFactorAuthentication(true)
.twoFactorGracePeriod(24)
.build());
}
}
import pulumi
import pulumi_gitlab as gitlab
# Set the 2FA settings
this = gitlab.ApplicationSettings("this",
require_two_factor_authentication=True,
two_factor_grace_period=24)
import * as pulumi from "@pulumi/pulumi";
import * as gitlab from "@pulumi/gitlab";
// Set the 2FA settings
const thisApplicationSettings = new gitlab.ApplicationSettings("this", {
requireTwoFactorAuthentication: true,
twoFactorGracePeriod: 24,
});
resources:
# Set the 2FA settings
this:
type: gitlab:ApplicationSettings
properties:
requireTwoFactorAuthentication: true
twoFactorGracePeriod: 24
Create ApplicationSettings Resource
new ApplicationSettings(name: string, args?: ApplicationSettingsArgs, opts?: CustomResourceOptions);@overload
def ApplicationSettings(resource_name: str,
opts: Optional[ResourceOptions] = None,
abuse_notification_email: Optional[str] = None,
admin_mode: Optional[bool] = None,
after_sign_out_path: Optional[str] = None,
after_sign_up_text: Optional[str] = None,
akismet_api_key: Optional[str] = None,
akismet_enabled: Optional[bool] = None,
allow_group_owners_to_manage_ldap: Optional[bool] = None,
allow_local_requests_from_system_hooks: Optional[bool] = None,
allow_local_requests_from_web_hooks_and_services: Optional[bool] = None,
archive_builds_in_human_readable: Optional[str] = None,
asset_proxy_allowlists: Optional[Sequence[str]] = None,
asset_proxy_enabled: Optional[bool] = None,
asset_proxy_secret_key: Optional[str] = None,
asset_proxy_url: Optional[str] = None,
authorized_keys_enabled: Optional[bool] = None,
auto_devops_domain: Optional[str] = None,
auto_devops_enabled: Optional[bool] = None,
automatic_purchased_storage_allocation: Optional[bool] = None,
check_namespace_plan: Optional[bool] = None,
commit_email_hostname: Optional[str] = None,
container_expiration_policies_enable_historic_entries: Optional[bool] = None,
container_registry_cleanup_tags_service_max_list_size: Optional[int] = None,
container_registry_delete_tags_service_timeout: Optional[int] = None,
container_registry_expiration_policies_caching: Optional[bool] = None,
container_registry_expiration_policies_worker_capacity: Optional[int] = None,
container_registry_token_expire_delay: Optional[int] = None,
deactivate_dormant_users: Optional[bool] = None,
default_artifacts_expire_in: Optional[str] = None,
default_branch_name: Optional[str] = None,
default_branch_protection: Optional[int] = None,
default_ci_config_path: Optional[str] = None,
default_group_visibility: Optional[str] = None,
default_project_creation: Optional[int] = None,
default_project_visibility: Optional[str] = None,
default_projects_limit: Optional[int] = None,
default_snippet_visibility: Optional[str] = None,
delayed_group_deletion: Optional[bool] = None,
delayed_project_deletion: Optional[bool] = None,
delete_inactive_projects: Optional[bool] = None,
deletion_adjourned_period: Optional[int] = None,
diff_max_files: Optional[int] = None,
diff_max_lines: Optional[int] = None,
diff_max_patch_bytes: Optional[int] = None,
disable_feed_token: Optional[bool] = None,
disabled_oauth_sign_in_sources: Optional[Sequence[str]] = None,
dns_rebinding_protection_enabled: Optional[bool] = None,
domain_allowlists: Optional[Sequence[str]] = None,
domain_denylist_enabled: Optional[bool] = None,
domain_denylists: Optional[Sequence[str]] = None,
dsa_key_restriction: Optional[int] = None,
ecdsa_key_restriction: Optional[int] = None,
ecdsa_sk_key_restriction: Optional[int] = None,
ed25519_key_restriction: Optional[int] = None,
ed25519_sk_key_restriction: Optional[int] = None,
eks_access_key_id: Optional[str] = None,
eks_account_id: Optional[str] = None,
eks_integration_enabled: Optional[bool] = None,
eks_secret_access_key: Optional[str] = None,
elasticsearch_aws: Optional[bool] = None,
elasticsearch_aws_access_key: Optional[str] = None,
elasticsearch_aws_region: Optional[str] = None,
elasticsearch_aws_secret_access_key: Optional[str] = None,
elasticsearch_indexed_field_length_limit: Optional[int] = None,
elasticsearch_indexed_file_size_limit_kb: Optional[int] = None,
elasticsearch_indexing: Optional[bool] = None,
elasticsearch_limit_indexing: Optional[bool] = None,
elasticsearch_max_bulk_concurrency: Optional[int] = None,
elasticsearch_max_bulk_size_mb: Optional[int] = None,
elasticsearch_namespace_ids: Optional[Sequence[str]] = None,
elasticsearch_password: Optional[str] = None,
elasticsearch_project_ids: Optional[Sequence[str]] = None,
elasticsearch_search: Optional[bool] = None,
elasticsearch_urls: Optional[Sequence[str]] = None,
elasticsearch_username: Optional[str] = None,
email_additional_text: Optional[str] = None,
email_author_in_body: Optional[bool] = None,
enabled_git_access_protocol: Optional[str] = None,
enforce_namespace_storage_limit: Optional[bool] = None,
enforce_terms: Optional[bool] = None,
external_auth_client_cert: Optional[str] = None,
external_auth_client_key: Optional[str] = None,
external_auth_client_key_pass: Optional[str] = None,
external_authorization_service_default_label: Optional[str] = None,
external_authorization_service_enabled: Optional[bool] = None,
external_authorization_service_timeout: Optional[float] = None,
external_authorization_service_url: Optional[str] = None,
external_pipeline_validation_service_timeout: Optional[int] = None,
external_pipeline_validation_service_token: Optional[str] = None,
external_pipeline_validation_service_url: Optional[str] = None,
file_template_project_id: Optional[int] = None,
first_day_of_week: Optional[int] = None,
geo_node_allowed_ips: Optional[str] = None,
geo_status_timeout: Optional[int] = None,
git_rate_limit_users_allowlists: Optional[Sequence[str]] = None,
git_two_factor_session_expiry: Optional[int] = None,
gitaly_timeout_default: Optional[int] = None,
gitaly_timeout_fast: Optional[int] = None,
gitaly_timeout_medium: Optional[int] = None,
grafana_enabled: Optional[bool] = None,
grafana_url: Optional[str] = None,
gravatar_enabled: Optional[bool] = None,
hashed_storage_enabled: Optional[bool] = None,
help_page_hide_commercial_content: Optional[bool] = None,
help_page_support_url: Optional[str] = None,
help_page_text: Optional[str] = None,
help_text: Optional[str] = None,
hide_third_party_offers: Optional[bool] = None,
home_page_url: Optional[str] = None,
housekeeping_enabled: Optional[bool] = None,
housekeeping_full_repack_period: Optional[int] = None,
housekeeping_gc_period: Optional[int] = None,
housekeeping_incremental_repack_period: Optional[int] = None,
html_emails_enabled: Optional[bool] = None,
import_sources: Optional[Sequence[str]] = None,
in_product_marketing_emails_enabled: Optional[bool] = None,
inactive_projects_delete_after_months: Optional[int] = None,
inactive_projects_min_size_mb: Optional[int] = None,
inactive_projects_send_warning_email_after_months: Optional[int] = None,
invisible_captcha_enabled: Optional[bool] = None,
issues_create_limit: Optional[int] = None,
keep_latest_artifact: Optional[bool] = None,
local_markdown_version: Optional[int] = None,
mailgun_events_enabled: Optional[bool] = None,
mailgun_signing_key: Optional[str] = None,
maintenance_mode: Optional[bool] = None,
maintenance_mode_message: Optional[str] = None,
max_artifacts_size: Optional[int] = None,
max_attachment_size: Optional[int] = None,
max_export_size: Optional[int] = None,
max_import_size: Optional[int] = None,
max_number_of_repository_downloads: Optional[int] = None,
max_number_of_repository_downloads_within_time_period: Optional[int] = None,
max_pages_size: Optional[int] = None,
max_personal_access_token_lifetime: Optional[int] = None,
max_ssh_key_lifetime: Optional[int] = None,
metrics_method_call_threshold: Optional[int] = None,
mirror_available: Optional[bool] = None,
mirror_capacity_threshold: Optional[int] = None,
mirror_max_capacity: Optional[int] = None,
mirror_max_delay: Optional[int] = None,
npm_package_requests_forwarding: Optional[bool] = None,
outbound_local_requests_whitelists: Optional[Sequence[str]] = None,
package_registry_cleanup_policies_worker_capacity: Optional[int] = None,
pages_domain_verification_enabled: Optional[bool] = None,
password_authentication_enabled_for_git: Optional[bool] = None,
password_authentication_enabled_for_web: Optional[bool] = None,
password_lowercase_required: Optional[bool] = None,
password_number_required: Optional[bool] = None,
password_symbol_required: Optional[bool] = None,
password_uppercase_required: Optional[bool] = None,
performance_bar_allowed_group_path: Optional[str] = None,
personal_access_token_prefix: Optional[str] = None,
pipeline_limit_per_project_user_sha: Optional[int] = None,
plantuml_enabled: Optional[bool] = None,
plantuml_url: Optional[str] = None,
polling_interval_multiplier: Optional[float] = None,
project_export_enabled: Optional[bool] = None,
prometheus_metrics_enabled: Optional[bool] = None,
protected_ci_variables: Optional[bool] = None,
push_event_activities_limit: Optional[int] = None,
push_event_hooks_limit: Optional[int] = None,
pypi_package_requests_forwarding: Optional[bool] = None,
rate_limiting_response_text: Optional[str] = None,
raw_blob_request_limit: Optional[int] = None,
recaptcha_enabled: Optional[bool] = None,
recaptcha_private_key: Optional[str] = None,
recaptcha_site_key: Optional[str] = None,
receive_max_input_size: Optional[int] = None,
repository_checks_enabled: Optional[bool] = None,
repository_size_limit: Optional[int] = None,
repository_storages: Optional[Sequence[str]] = None,
repository_storages_weighted: Optional[Mapping[str, int]] = None,
require_admin_approval_after_user_signup: Optional[bool] = None,
require_two_factor_authentication: Optional[bool] = None,
restricted_visibility_levels: Optional[Sequence[str]] = None,
rsa_key_restriction: Optional[int] = None,
search_rate_limit: Optional[int] = None,
search_rate_limit_unauthenticated: Optional[int] = None,
send_user_confirmation_email: Optional[bool] = None,
session_expire_delay: Optional[int] = None,
shared_runners_enabled: Optional[bool] = None,
shared_runners_minutes: Optional[int] = None,
shared_runners_text: Optional[str] = None,
sidekiq_job_limiter_compression_threshold_bytes: Optional[int] = None,
sidekiq_job_limiter_limit_bytes: Optional[int] = None,
sidekiq_job_limiter_mode: Optional[str] = None,
sign_in_text: Optional[str] = None,
signup_enabled: Optional[bool] = None,
slack_app_enabled: Optional[bool] = None,
slack_app_id: Optional[str] = None,
slack_app_secret: Optional[str] = None,
slack_app_signing_secret: Optional[str] = None,
slack_app_verification_token: Optional[str] = None,
snippet_size_limit: Optional[int] = None,
snowplow_app_id: Optional[str] = None,
snowplow_collector_hostname: Optional[str] = None,
snowplow_cookie_domain: Optional[str] = None,
snowplow_enabled: Optional[bool] = None,
sourcegraph_enabled: Optional[bool] = None,
sourcegraph_public_only: Optional[bool] = None,
sourcegraph_url: Optional[str] = None,
spam_check_api_key: Optional[str] = None,
spam_check_endpoint_enabled: Optional[bool] = None,
spam_check_endpoint_url: Optional[str] = None,
suggest_pipeline_enabled: Optional[bool] = None,
terminal_max_session_time: Optional[int] = None,
terms: Optional[str] = None,
throttle_authenticated_api_enabled: Optional[bool] = None,
throttle_authenticated_api_period_in_seconds: Optional[int] = None,
throttle_authenticated_api_requests_per_period: Optional[int] = None,
throttle_authenticated_packages_api_enabled: Optional[bool] = None,
throttle_authenticated_packages_api_period_in_seconds: Optional[int] = None,
throttle_authenticated_packages_api_requests_per_period: Optional[int] = None,
throttle_authenticated_web_enabled: Optional[bool] = None,
throttle_authenticated_web_period_in_seconds: Optional[int] = None,
throttle_authenticated_web_requests_per_period: Optional[int] = None,
throttle_unauthenticated_api_enabled: Optional[bool] = None,
throttle_unauthenticated_api_period_in_seconds: Optional[int] = None,
throttle_unauthenticated_api_requests_per_period: Optional[int] = None,
throttle_unauthenticated_packages_api_enabled: Optional[bool] = None,
throttle_unauthenticated_packages_api_period_in_seconds: Optional[int] = None,
throttle_unauthenticated_packages_api_requests_per_period: Optional[int] = None,
throttle_unauthenticated_web_enabled: Optional[bool] = None,
throttle_unauthenticated_web_period_in_seconds: Optional[int] = None,
throttle_unauthenticated_web_requests_per_period: Optional[int] = None,
time_tracking_limit_to_hours: Optional[bool] = None,
two_factor_grace_period: Optional[int] = None,
unique_ips_limit_enabled: Optional[bool] = None,
unique_ips_limit_per_user: Optional[int] = None,
unique_ips_limit_time_window: Optional[int] = None,
usage_ping_enabled: Optional[bool] = None,
user_deactivation_emails_enabled: Optional[bool] = None,
user_default_external: Optional[bool] = None,
user_default_internal_regex: Optional[str] = None,
user_oauth_applications: Optional[bool] = None,
user_show_add_ssh_key_message: Optional[bool] = None,
version_check_enabled: Optional[bool] = None,
web_ide_clientside_preview_enabled: Optional[bool] = None,
whats_new_variant: Optional[str] = None,
wiki_page_max_content_bytes: Optional[int] = None)
@overload
def ApplicationSettings(resource_name: str,
args: Optional[ApplicationSettingsArgs] = None,
opts: Optional[ResourceOptions] = None)func NewApplicationSettings(ctx *Context, name string, args *ApplicationSettingsArgs, opts ...ResourceOption) (*ApplicationSettings, error)public ApplicationSettings(string name, ApplicationSettingsArgs? args = null, CustomResourceOptions? opts = null)
public ApplicationSettings(String name, ApplicationSettingsArgs args)
public ApplicationSettings(String name, ApplicationSettingsArgs args, CustomResourceOptions options)
type: gitlab:ApplicationSettings
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ApplicationSettingsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ApplicationSettingsArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ApplicationSettingsArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ApplicationSettingsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ApplicationSettingsArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
ApplicationSettings Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ApplicationSettings resource accepts the following input properties:
- Abuse
Notification stringEmail If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
- Admin
Mode bool Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
- After
Sign stringOut Path Where to redirect users after logout.
- After
Sign stringUp Text Text shown to the user after signing up.
- string
API key for Akismet spam protection.
- bool
(If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
- Allow
Group boolOwners To Manage Ldap Set to true to allow group owners to manage LDAP.
- Allow
Local boolRequests From System Hooks Allow requests to the local network from system hooks.
- Allow
Local boolRequests From Web Hooks And Services Allow requests to the local network from web hooks and services.
- Archive
Builds stringIn Human Readable Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
- Asset
Proxy List<string>Allowlists Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
- Asset
Proxy boolEnabled (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
- Asset
Proxy stringSecret Key Shared secret with the asset proxy server. GitLab restart is required to apply changes.
- Asset
Proxy stringUrl URL of the asset proxy server. GitLab restart is required to apply changes.
- bool
By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
- Auto
Devops stringDomain Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
- Auto
Devops boolEnabled Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
- Automatic
Purchased boolStorage Allocation Enabling this permits automatic allocation of purchased storage in a namespace.
- Check
Namespace boolPlan Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
- Commit
Email stringHostname Custom hostname (for private commit emails).
- Container
Expiration boolPolicies Enable Historic Entries Enable cleanup policies for all projects.
- int
The maximum number of tags that can be deleted in a single execution of cleanup policies.
- int
The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
- Container
Registry boolExpiration Policies Caching Caching during the execution of cleanup policies.
- Container
Registry intExpiration Policies Worker Capacity Number of workers for cleanup policies.
- Container
Registry intToken Expire Delay Container Registry token duration in minutes.
- Deactivate
Dormant boolUsers Enable automatic deactivation of dormant users.
- Default
Artifacts stringExpire In Set the default expiration time for each job’s artifacts.
- Default
Branch stringName Instance-level custom initial branch name (introduced in GitLab 13.2).
- Default
Branch intProtection Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
- Default
Ci stringConfig Path Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
- Default
Group stringVisibility What visibility level new groups receive. Can take private, internal and public as a parameter. Default is private.
- Default
Project intCreation Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
- Default
Project stringVisibility What visibility level new projects receive. Can take private, internal and public as a parameter. Default is private.
- Default
Projects intLimit Project limit per user. Default is 100000.
- Default
Snippet stringVisibility What visibility level new snippets receive. Can take private, internal and public as a parameter. Default is private.
- Delayed
Group boolDeletion Enable delayed group deletion. Default is true. Introduced in GitLab 15.0. From GitLab 15.1, disables and locks the group-level setting for delayed protect deletion when set to false.
- Delayed
Project boolDeletion Enable delayed project deletion by default in new groups. Default is false. From GitLab 15.1, can only be enabled when delayedgroupdeletion is true.
- Delete
Inactive boolProjects Enable inactive project deletion feature. Default is false. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion, disabled by default).
- Deletion
Adjourned intPeriod The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90. Defaults to 7. From GitLab 15.1, a hook on deletionadjournedperiod sets the period to 1 on every update, and sets both delayedprojectdeletion and delayedgroupdeletion to false if the period is 0.
- Diff
Max intFiles Maximum files in a diff.
- Diff
Max intLines Maximum lines in a diff.
- Diff
Max intPatch Bytes Maximum diff patch size, in bytes.
- Disable
Feed boolToken Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
- Disabled
Oauth List<string>Sign In Sources Disabled OAuth sign-in sources.
- Dns
Rebinding boolProtection Enabled Enforce DNS rebinding attack protection.
- Domain
Allowlists List<string> Force people to use only corporate emails for sign-up. Default is null, meaning there is no restriction.
- Domain
Denylist boolEnabled (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
- Domain
Denylists List<string> Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
- Dsa
Key intRestriction The minimum allowed bit length of an uploaded DSA key. Default is 0 (no restriction). -1 disables DSA keys.
- Ecdsa
Key intRestriction The minimum allowed curve size (in bits) of an uploaded ECDSA key. Default is 0 (no restriction). -1 disables ECDSA keys.
- Ecdsa
Sk intKey Restriction The minimum allowed curve size (in bits) of an uploaded ECDSASK key. Default is 0 (no restriction). -1 disables ECDSASK keys.
- Ed25519Key
Restriction int The minimum allowed curve size (in bits) of an uploaded ED25519 key. Default is 0 (no restriction). -1 disables ED25519 keys.
- Ed25519Sk
Key intRestriction The minimum allowed curve size (in bits) of an uploaded ED25519SK key. Default is 0 (no restriction). -1 disables ED25519SK keys.
- Eks
Access stringKey Id AWS IAM access key ID.
- Eks
Account stringId Amazon account ID.
- Eks
Integration boolEnabled Enable integration with Amazon EKS.
- Eks
Secret stringAccess Key AWS IAM secret access key.
- Elasticsearch
Aws bool Enable the use of AWS hosted Elasticsearch.
- Elasticsearch
Aws stringAccess Key AWS IAM access key.
- Elasticsearch
Aws stringRegion The AWS region the Elasticsearch domain is configured.
- Elasticsearch
Aws stringSecret Access Key AWS IAM secret access key.
- Elasticsearch
Indexed intField Length Limit Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
- Elasticsearch
Indexed intFile Size Limit Kb Maximum size of repository and wiki files that are indexed by Elasticsearch.
- Elasticsearch
Indexing bool Enable Elasticsearch indexing.
- Elasticsearch
Limit boolIndexing Limit Elasticsearch to index certain namespaces and projects.
- Elasticsearch
Max intBulk Concurrency Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
- Elasticsearch
Max intBulk Size Mb Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
- Elasticsearch
Namespace List<string>Ids The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- Elasticsearch
Password string The password of your Elasticsearch instance.
- Elasticsearch
Project List<string>Ids The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- Elasticsearch
Search bool Enable Elasticsearch search.
- Elasticsearch
Urls List<string> The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
- Elasticsearch
Username string The username of your Elasticsearch instance.
- Email
Additional stringText Additional text added to the bottom of every email for legal/auditing/compliance reasons.
- bool
Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
- Enabled
Git stringAccess Protocol Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
- Enforce
Namespace boolStorage Limit Enabling this permits enforcement of namespace storage limits.
- Enforce
Terms bool (If enabled, requires: terms) Enforce application ToS to all users.
- External
Auth stringClient Cert (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
- External
Auth stringClient Key Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
- External
Auth stringClient Key Pass Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
- string
The default classification label to use when requesting authorization and no classification label has been specified on the project.
- bool
(If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
- double
The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
- string
URL to which authorization requests are directed.
- External
Pipeline intValidation Service Timeout How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
- External
Pipeline stringValidation Service Token Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
- External
Pipeline stringValidation Service Url URL to use for pipeline validation requests.
- File
Template intProject Id The ID of a project to load custom file templates from.
- First
Day intOf Week Start day of the week for calendar views and date pickers. Valid values are 0 (default) for Sunday, 1 for Monday, and 6 for Saturday.
- Geo
Node stringAllowed Ips Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
- Geo
Status intTimeout The amount of seconds after which a request to get a secondary node status times out.
- Git
Rate List<string>Limit Users Allowlists List of usernames excluded from Git anti-abuse rate limits. Default: [], Maximum: 100 usernames. Introduced in GitLab 15.2.
- Git
Two intFactor Session Expiry Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
- Gitaly
Timeout intDefault Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
- Gitaly
Timeout intFast Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
- Gitaly
Timeout intMedium Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
- Grafana
Enabled bool Enable Grafana.
- Grafana
Url string Grafana URL.
- Gravatar
Enabled bool Enable Gravatar.
- Hashed
Storage boolEnabled Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
- Help
Page boolHide Commercial Content Hide marketing-related entries from help.
- Help
Page stringSupport Url Alternate support URL for help page and help dropdown.
- Help
Page stringText Custom text displayed on the help page.
- Help
Text string GitLab server administrator information.
- Hide
Third boolParty Offers Do not display offers from third parties in GitLab.
- Home
Page stringUrl Redirect to this URL when not logged in.
- Housekeeping
Enabled bool (If enabled, requires: housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod) Enable or disable Git housekeeping.
- Housekeeping
Full intRepack Period Number of Git pushes after which an incremental git repack is run.
- Housekeeping
Gc intPeriod Number of Git pushes after which git gc is run.
- Housekeeping
Incremental intRepack Period Number of Git pushes after which an incremental git repack is run.
- Html
Emails boolEnabled Enable HTML emails.
- Import
Sources List<string> Sources to allow project import from, possible values: github, bitbucket, bitbucketserver, gitlab, fogbugz, git, gitlabproject, gitea, manifest, and phabricator.
- In
Product boolMarketing Emails Enabled Enable in-product marketing emails. Enabled by default.
- Inactive
Projects intDelete After Months If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Default is 2. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- Inactive
Projects intMin Size Mb If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Default is 0. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- Inactive
Projects intSend Warning Email After Months If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Default is 1. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- Invisible
Captcha boolEnabled Enable Invisible CAPTCHA spam detection during sign-up. Disabled by default.
- Issues
Create intLimit Max number of issue creation requests per minute per user. Disabled by default.
- Keep
Latest boolArtifact Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time. Enabled by default.
- Local
Markdown intVersion Increase this value when any cached Markdown should be invalidated.
- Mailgun
Events boolEnabled Enable Mailgun event receiver.
- Mailgun
Signing stringKey The Mailgun HTTP webhook signing key for receiving events from webhook.
- Maintenance
Mode bool When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
- Maintenance
Mode stringMessage Message displayed when instance is in maintenance mode.
- Max
Artifacts intSize Maximum artifacts size in MB.
- Max
Attachment intSize Limit attachment size in MB.
- Max
Export intSize Maximum export size in MB. 0 for unlimited. Default = 0 (unlimited).
- Max
Import intSize Maximum import size in MB. 0 for unlimited. Default = 0 (unlimited) Modified from 50MB to 0 in GitLab 13.8.
- Max
Number intOf Repository Downloads Maximum number of unique repositories a user can download in the specified time period before they are banned. Default: 0, Maximum: 10,000 repositories. Introduced in GitLab 15.1.
- Max
Number intOf Repository Downloads Within Time Period Reporting time period (in seconds). Default: 0, Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
- Max
Pages intSize Maximum size of pages repositories in MB.
- Max
Personal intAccess Token Lifetime Maximum allowable lifetime for access tokens in days.
- Max
Ssh intKey Lifetime Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
- Metrics
Method intCall Threshold A method call is only tracked when it takes longer than the given amount of milliseconds.
- Mirror
Available bool Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
- Mirror
Capacity intThreshold Minimum capacity to be available before scheduling more mirrors preemptively.
- Mirror
Max intCapacity Maximum number of mirrors that can be synchronizing at the same time.
- Mirror
Max intDelay Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
- Npm
Package boolRequests Forwarding Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
- Outbound
Local List<string>Requests Whitelists Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
- Package
Registry intCleanup Policies Worker Capacity Number of workers assigned to the packages cleanup policies.
- Pages
Domain boolVerification Enabled Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
- Password
Authentication boolEnabled For Git Enable authentication for Git over HTTP(S) via a GitLab account password. Default is true.
- Password
Authentication boolEnabled For Web Enable authentication for the web interface via a GitLab account password. Default is true.
- Password
Lowercase boolRequired Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
- Password
Number boolRequired Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
- Password
Symbol boolRequired Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
- Password
Uppercase boolRequired Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
- Performance
Bar stringAllowed Group Path Path of the group that is allowed to toggle the performance bar.
- Personal
Access stringToken Prefix Prefix for all generated personal access tokens.
- Pipeline
Limit intPer Project User Sha Maximum number of pipeline creation requests per minute per user and commit. Disabled by default.
- Plantuml
Enabled bool (If enabled, requires: plantuml_url) Enable PlantUML integration. Default is false.
- Plantuml
Url string The PlantUML instance URL for integration.
- Polling
Interval doubleMultiplier Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
- Project
Export boolEnabled Enable project export.
- Prometheus
Metrics boolEnabled Enable Prometheus metrics.
- Protected
Ci boolVariables CI/CD variables are protected by default.
- Push
Event intActivities Limit Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
- Push
Event intHooks Limit Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
- Pypi
Package boolRequests Forwarding Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
- Rate
Limiting stringResponse Text When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
- Raw
Blob intRequest Limit Max number of requests per minute for each raw path. Default: 300. To disable throttling set to 0.
- Recaptcha
Enabled bool (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
- Recaptcha
Private stringKey Private key for reCAPTCHA.
- Recaptcha
Site stringKey Site key for reCAPTCHA.
- Receive
Max intInput Size Maximum push size (MB).
- Repository
Checks boolEnabled GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
- Repository
Size intLimit Size limit per repository (MB).
- Repository
Storages List<string> (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
- Repository
Storages Dictionary<string, int>Weighted (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
- Require
Admin boolApproval After User Signup When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
- Require
Two boolFactor Authentication (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
- Restricted
Visibility List<string>Levels Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Default is null which means there is no restriction.
- Rsa
Key intRestriction The minimum allowed bit length of an uploaded RSA key. Default is 0 (no restriction). -1 disables RSA keys.
- Search
Rate intLimit Max number of requests per minute for performing a search while authenticated. Default: 30. To disable throttling set to 0.
- Search
Rate intLimit Unauthenticated Max number of requests per minute for performing a search while unauthenticated. Default: 10. To disable throttling set to 0.
- Send
User boolConfirmation Email Send confirmation email on sign-up.
- Session
Expire intDelay Session duration in minutes. GitLab restart is required to apply changes.
- bool
(If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
- int
Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
- string
Shared runners text.
- Sidekiq
Job intLimiter Compression Threshold Bytes The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis. Default: 100 000 bytes (100KB).
- Sidekiq
Job intLimiter Limit Bytes The threshold in bytes at which Sidekiq jobs are rejected. Default: 0 bytes (doesn’t reject any job).
- Sidekiq
Job stringLimiter Mode track or compress. Sets the behavior for Sidekiq job size limits. Default: ‘compress’.
- Sign
In stringText Text on the login page.
- Signup
Enabled bool Enable registration. Default is true.
- Slack
App boolEnabled (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
- Slack
App stringId The app ID of the Slack-app.
- Slack
App stringSecret The app secret of the Slack-app.
- Slack
App stringSigning Secret The signing secret of the Slack-app.
- Slack
App stringVerification Token The verification token of the Slack-app.
- Snippet
Size intLimit Max snippet content size in bytes. Default: 52428800 Bytes (50MB).
- Snowplow
App stringId The Snowplow site name / application ID. (for example, gitlab)
- Snowplow
Collector stringHostname The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
- string
The Snowplow cookie domain. (for example, .gitlab.com)
- Snowplow
Enabled bool Enable snowplow tracking.
- Sourcegraph
Enabled bool Enables Sourcegraph integration. Default is false. If enabled, requires sourcegraph_url.
- Sourcegraph
Public boolOnly Blocks Sourcegraph from being loaded on private and internal projects. Default is true.
- Sourcegraph
Url string The Sourcegraph instance URL for integration.
- Spam
Check stringApi Key API key used by GitLab for accessing the Spam Check service endpoint.
- Spam
Check boolEndpoint Enabled Enables spam checking using external Spam Check API endpoint. Default is false.
- Spam
Check stringEndpoint Url URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
- Suggest
Pipeline boolEnabled Enable pipeline suggestion banner.
- Terminal
Max intSession Time Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
- Terms string
(Required by: enforce_terms) Markdown content for the ToS.
- Throttle
Authenticated boolApi Enabled (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Authenticated intApi Period In Seconds Rate limit period (in seconds).
- Throttle
Authenticated intApi Requests Per Period Maximum requests per period per user.
- Throttle
Authenticated boolPackages Api Enabled (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- Throttle
Authenticated intPackages Api Period In Seconds Rate limit period (in seconds). View Package Registry rate limits for more details.
- Throttle
Authenticated intPackages Api Requests Per Period Maximum requests per period per user. View Package Registry rate limits for more details.
- Throttle
Authenticated boolWeb Enabled (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Authenticated intWeb Period In Seconds Rate limit period (in seconds).
- Throttle
Authenticated intWeb Requests Per Period Maximum requests per period per user.
- Throttle
Unauthenticated boolApi Enabled (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Unauthenticated intApi Period In Seconds Rate limit period in seconds.
- Throttle
Unauthenticated intApi Requests Per Period Max requests per period per IP.
- Throttle
Unauthenticated boolPackages Api Enabled (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- Throttle
Unauthenticated intPackages Api Period In Seconds Rate limit period (in seconds). View Package Registry rate limits for more details.
- Throttle
Unauthenticated intPackages Api Requests Per Period Maximum requests per period per user. View Package Registry rate limits for more details.
- Throttle
Unauthenticated boolWeb Enabled (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Unauthenticated intWeb Period In Seconds Rate limit period in seconds.
- Throttle
Unauthenticated intWeb Requests Per Period Max requests per period per IP.
- Time
Tracking boolLimit To Hours Limit display of time tracking units to hours. Default is false.
- Two
Factor intGrace Period Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
- Unique
Ips boolLimit Enabled (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
- Unique
Ips intLimit Per User Maximum number of IPs per user.
- Unique
Ips intLimit Time Window How many seconds an IP is counted towards the limit.
- Usage
Ping boolEnabled Every week GitLab reports license usage back to GitLab, Inc.
- User
Deactivation boolEmails Enabled Send an email to users upon account deactivation.
- User
Default boolExternal Newly registered users are external by default.
- User
Default stringInternal Regex Specify an email address regex pattern to identify default internal users.
- User
Oauth boolApplications Allow users to register any application to use GitLab as an OAuth provider.
- User
Show boolAdd Ssh Key Message When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
- Version
Check boolEnabled Let GitLab inform you when an update is available.
- Web
Ide boolClientside Preview Enabled Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
- Whats
New stringVariant What’s new variant, possible values: alltiers, currenttier, and disabled.
- Wiki
Page intMax Content Bytes Maximum wiki page content size in bytes. Default: 52428800 Bytes (50 MB). The minimum value is 1024 bytes.
- Abuse
Notification stringEmail If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
- Admin
Mode bool Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
- After
Sign stringOut Path Where to redirect users after logout.
- After
Sign stringUp Text Text shown to the user after signing up.
- string
API key for Akismet spam protection.
- bool
(If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
- Allow
Group boolOwners To Manage Ldap Set to true to allow group owners to manage LDAP.
- Allow
Local boolRequests From System Hooks Allow requests to the local network from system hooks.
- Allow
Local boolRequests From Web Hooks And Services Allow requests to the local network from web hooks and services.
- Archive
Builds stringIn Human Readable Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
- Asset
Proxy []stringAllowlists Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
- Asset
Proxy boolEnabled (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
- Asset
Proxy stringSecret Key Shared secret with the asset proxy server. GitLab restart is required to apply changes.
- Asset
Proxy stringUrl URL of the asset proxy server. GitLab restart is required to apply changes.
- bool
By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
- Auto
Devops stringDomain Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
- Auto
Devops boolEnabled Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
- Automatic
Purchased boolStorage Allocation Enabling this permits automatic allocation of purchased storage in a namespace.
- Check
Namespace boolPlan Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
- Commit
Email stringHostname Custom hostname (for private commit emails).
- Container
Expiration boolPolicies Enable Historic Entries Enable cleanup policies for all projects.
- int
The maximum number of tags that can be deleted in a single execution of cleanup policies.
- int
The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
- Container
Registry boolExpiration Policies Caching Caching during the execution of cleanup policies.
- Container
Registry intExpiration Policies Worker Capacity Number of workers for cleanup policies.
- Container
Registry intToken Expire Delay Container Registry token duration in minutes.
- Deactivate
Dormant boolUsers Enable automatic deactivation of dormant users.
- Default
Artifacts stringExpire In Set the default expiration time for each job’s artifacts.
- Default
Branch stringName Instance-level custom initial branch name (introduced in GitLab 13.2).
- Default
Branch intProtection Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
- Default
Ci stringConfig Path Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
- Default
Group stringVisibility What visibility level new groups receive. Can take private, internal and public as a parameter. Default is private.
- Default
Project intCreation Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
- Default
Project stringVisibility What visibility level new projects receive. Can take private, internal and public as a parameter. Default is private.
- Default
Projects intLimit Project limit per user. Default is 100000.
- Default
Snippet stringVisibility What visibility level new snippets receive. Can take private, internal and public as a parameter. Default is private.
- Delayed
Group boolDeletion Enable delayed group deletion. Default is true. Introduced in GitLab 15.0. From GitLab 15.1, disables and locks the group-level setting for delayed protect deletion when set to false.
- Delayed
Project boolDeletion Enable delayed project deletion by default in new groups. Default is false. From GitLab 15.1, can only be enabled when delayedgroupdeletion is true.
- Delete
Inactive boolProjects Enable inactive project deletion feature. Default is false. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion, disabled by default).
- Deletion
Adjourned intPeriod The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90. Defaults to 7. From GitLab 15.1, a hook on deletionadjournedperiod sets the period to 1 on every update, and sets both delayedprojectdeletion and delayedgroupdeletion to false if the period is 0.
- Diff
Max intFiles Maximum files in a diff.
- Diff
Max intLines Maximum lines in a diff.
- Diff
Max intPatch Bytes Maximum diff patch size, in bytes.
- Disable
Feed boolToken Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
- Disabled
Oauth []stringSign In Sources Disabled OAuth sign-in sources.
- Dns
Rebinding boolProtection Enabled Enforce DNS rebinding attack protection.
- Domain
Allowlists []string Force people to use only corporate emails for sign-up. Default is null, meaning there is no restriction.
- Domain
Denylist boolEnabled (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
- Domain
Denylists []string Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
- Dsa
Key intRestriction The minimum allowed bit length of an uploaded DSA key. Default is 0 (no restriction). -1 disables DSA keys.
- Ecdsa
Key intRestriction The minimum allowed curve size (in bits) of an uploaded ECDSA key. Default is 0 (no restriction). -1 disables ECDSA keys.
- Ecdsa
Sk intKey Restriction The minimum allowed curve size (in bits) of an uploaded ECDSASK key. Default is 0 (no restriction). -1 disables ECDSASK keys.
- Ed25519Key
Restriction int The minimum allowed curve size (in bits) of an uploaded ED25519 key. Default is 0 (no restriction). -1 disables ED25519 keys.
- Ed25519Sk
Key intRestriction The minimum allowed curve size (in bits) of an uploaded ED25519SK key. Default is 0 (no restriction). -1 disables ED25519SK keys.
- Eks
Access stringKey Id AWS IAM access key ID.
- Eks
Account stringId Amazon account ID.
- Eks
Integration boolEnabled Enable integration with Amazon EKS.
- Eks
Secret stringAccess Key AWS IAM secret access key.
- Elasticsearch
Aws bool Enable the use of AWS hosted Elasticsearch.
- Elasticsearch
Aws stringAccess Key AWS IAM access key.
- Elasticsearch
Aws stringRegion The AWS region the Elasticsearch domain is configured.
- Elasticsearch
Aws stringSecret Access Key AWS IAM secret access key.
- Elasticsearch
Indexed intField Length Limit Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
- Elasticsearch
Indexed intFile Size Limit Kb Maximum size of repository and wiki files that are indexed by Elasticsearch.
- Elasticsearch
Indexing bool Enable Elasticsearch indexing.
- Elasticsearch
Limit boolIndexing Limit Elasticsearch to index certain namespaces and projects.
- Elasticsearch
Max intBulk Concurrency Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
- Elasticsearch
Max intBulk Size Mb Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
- Elasticsearch
Namespace []stringIds The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- Elasticsearch
Password string The password of your Elasticsearch instance.
- Elasticsearch
Project []stringIds The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- Elasticsearch
Search bool Enable Elasticsearch search.
- Elasticsearch
Urls []string The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
- Elasticsearch
Username string The username of your Elasticsearch instance.
- Email
Additional stringText Additional text added to the bottom of every email for legal/auditing/compliance reasons.
- bool
Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
- Enabled
Git stringAccess Protocol Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
- Enforce
Namespace boolStorage Limit Enabling this permits enforcement of namespace storage limits.
- Enforce
Terms bool (If enabled, requires: terms) Enforce application ToS to all users.
- External
Auth stringClient Cert (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
- External
Auth stringClient Key Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
- External
Auth stringClient Key Pass Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
- string
The default classification label to use when requesting authorization and no classification label has been specified on the project.
- bool
(If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
- float64
The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
- string
URL to which authorization requests are directed.
- External
Pipeline intValidation Service Timeout How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
- External
Pipeline stringValidation Service Token Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
- External
Pipeline stringValidation Service Url URL to use for pipeline validation requests.
- File
Template intProject Id The ID of a project to load custom file templates from.
- First
Day intOf Week Start day of the week for calendar views and date pickers. Valid values are 0 (default) for Sunday, 1 for Monday, and 6 for Saturday.
- Geo
Node stringAllowed Ips Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
- Geo
Status intTimeout The amount of seconds after which a request to get a secondary node status times out.
- Git
Rate []stringLimit Users Allowlists List of usernames excluded from Git anti-abuse rate limits. Default: [], Maximum: 100 usernames. Introduced in GitLab 15.2.
- Git
Two intFactor Session Expiry Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
- Gitaly
Timeout intDefault Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
- Gitaly
Timeout intFast Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
- Gitaly
Timeout intMedium Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
- Grafana
Enabled bool Enable Grafana.
- Grafana
Url string Grafana URL.
- Gravatar
Enabled bool Enable Gravatar.
- Hashed
Storage boolEnabled Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
- Help
Page boolHide Commercial Content Hide marketing-related entries from help.
- Help
Page stringSupport Url Alternate support URL for help page and help dropdown.
- Help
Page stringText Custom text displayed on the help page.
- Help
Text string GitLab server administrator information.
- Hide
Third boolParty Offers Do not display offers from third parties in GitLab.
- Home
Page stringUrl Redirect to this URL when not logged in.
- Housekeeping
Enabled bool (If enabled, requires: housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod) Enable or disable Git housekeeping.
- Housekeeping
Full intRepack Period Number of Git pushes after which an incremental git repack is run.
- Housekeeping
Gc intPeriod Number of Git pushes after which git gc is run.
- Housekeeping
Incremental intRepack Period Number of Git pushes after which an incremental git repack is run.
- Html
Emails boolEnabled Enable HTML emails.
- Import
Sources []string Sources to allow project import from, possible values: github, bitbucket, bitbucketserver, gitlab, fogbugz, git, gitlabproject, gitea, manifest, and phabricator.
- In
Product boolMarketing Emails Enabled Enable in-product marketing emails. Enabled by default.
- Inactive
Projects intDelete After Months If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Default is 2. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- Inactive
Projects intMin Size Mb If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Default is 0. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- Inactive
Projects intSend Warning Email After Months If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Default is 1. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- Invisible
Captcha boolEnabled Enable Invisible CAPTCHA spam detection during sign-up. Disabled by default.
- Issues
Create intLimit Max number of issue creation requests per minute per user. Disabled by default.
- Keep
Latest boolArtifact Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time. Enabled by default.
- Local
Markdown intVersion Increase this value when any cached Markdown should be invalidated.
- Mailgun
Events boolEnabled Enable Mailgun event receiver.
- Mailgun
Signing stringKey The Mailgun HTTP webhook signing key for receiving events from webhook.
- Maintenance
Mode bool When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
- Maintenance
Mode stringMessage Message displayed when instance is in maintenance mode.
- Max
Artifacts intSize Maximum artifacts size in MB.
- Max
Attachment intSize Limit attachment size in MB.
- Max
Export intSize Maximum export size in MB. 0 for unlimited. Default = 0 (unlimited).
- Max
Import intSize Maximum import size in MB. 0 for unlimited. Default = 0 (unlimited) Modified from 50MB to 0 in GitLab 13.8.
- Max
Number intOf Repository Downloads Maximum number of unique repositories a user can download in the specified time period before they are banned. Default: 0, Maximum: 10,000 repositories. Introduced in GitLab 15.1.
- Max
Number intOf Repository Downloads Within Time Period Reporting time period (in seconds). Default: 0, Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
- Max
Pages intSize Maximum size of pages repositories in MB.
- Max
Personal intAccess Token Lifetime Maximum allowable lifetime for access tokens in days.
- Max
Ssh intKey Lifetime Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
- Metrics
Method intCall Threshold A method call is only tracked when it takes longer than the given amount of milliseconds.
- Mirror
Available bool Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
- Mirror
Capacity intThreshold Minimum capacity to be available before scheduling more mirrors preemptively.
- Mirror
Max intCapacity Maximum number of mirrors that can be synchronizing at the same time.
- Mirror
Max intDelay Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
- Npm
Package boolRequests Forwarding Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
- Outbound
Local []stringRequests Whitelists Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
- Package
Registry intCleanup Policies Worker Capacity Number of workers assigned to the packages cleanup policies.
- Pages
Domain boolVerification Enabled Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
- Password
Authentication boolEnabled For Git Enable authentication for Git over HTTP(S) via a GitLab account password. Default is true.
- Password
Authentication boolEnabled For Web Enable authentication for the web interface via a GitLab account password. Default is true.
- Password
Lowercase boolRequired Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
- Password
Number boolRequired Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
- Password
Symbol boolRequired Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
- Password
Uppercase boolRequired Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
- Performance
Bar stringAllowed Group Path Path of the group that is allowed to toggle the performance bar.
- Personal
Access stringToken Prefix Prefix for all generated personal access tokens.
- Pipeline
Limit intPer Project User Sha Maximum number of pipeline creation requests per minute per user and commit. Disabled by default.
- Plantuml
Enabled bool (If enabled, requires: plantuml_url) Enable PlantUML integration. Default is false.
- Plantuml
Url string The PlantUML instance URL for integration.
- Polling
Interval float64Multiplier Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
- Project
Export boolEnabled Enable project export.
- Prometheus
Metrics boolEnabled Enable Prometheus metrics.
- Protected
Ci boolVariables CI/CD variables are protected by default.
- Push
Event intActivities Limit Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
- Push
Event intHooks Limit Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
- Pypi
Package boolRequests Forwarding Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
- Rate
Limiting stringResponse Text When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
- Raw
Blob intRequest Limit Max number of requests per minute for each raw path. Default: 300. To disable throttling set to 0.
- Recaptcha
Enabled bool (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
- Recaptcha
Private stringKey Private key for reCAPTCHA.
- Recaptcha
Site stringKey Site key for reCAPTCHA.
- Receive
Max intInput Size Maximum push size (MB).
- Repository
Checks boolEnabled GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
- Repository
Size intLimit Size limit per repository (MB).
- Repository
Storages []string (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
- Repository
Storages map[string]intWeighted (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
- Require
Admin boolApproval After User Signup When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
- Require
Two boolFactor Authentication (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
- Restricted
Visibility []stringLevels Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Default is null which means there is no restriction.
- Rsa
Key intRestriction The minimum allowed bit length of an uploaded RSA key. Default is 0 (no restriction). -1 disables RSA keys.
- Search
Rate intLimit Max number of requests per minute for performing a search while authenticated. Default: 30. To disable throttling set to 0.
- Search
Rate intLimit Unauthenticated Max number of requests per minute for performing a search while unauthenticated. Default: 10. To disable throttling set to 0.
- Send
User boolConfirmation Email Send confirmation email on sign-up.
- Session
Expire intDelay Session duration in minutes. GitLab restart is required to apply changes.
- bool
(If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
- int
Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
- string
Shared runners text.
- Sidekiq
Job intLimiter Compression Threshold Bytes The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis. Default: 100 000 bytes (100KB).
- Sidekiq
Job intLimiter Limit Bytes The threshold in bytes at which Sidekiq jobs are rejected. Default: 0 bytes (doesn’t reject any job).
- Sidekiq
Job stringLimiter Mode track or compress. Sets the behavior for Sidekiq job size limits. Default: ‘compress’.
- Sign
In stringText Text on the login page.
- Signup
Enabled bool Enable registration. Default is true.
- Slack
App boolEnabled (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
- Slack
App stringId The app ID of the Slack-app.
- Slack
App stringSecret The app secret of the Slack-app.
- Slack
App stringSigning Secret The signing secret of the Slack-app.
- Slack
App stringVerification Token The verification token of the Slack-app.
- Snippet
Size intLimit Max snippet content size in bytes. Default: 52428800 Bytes (50MB).
- Snowplow
App stringId The Snowplow site name / application ID. (for example, gitlab)
- Snowplow
Collector stringHostname The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
- string
The Snowplow cookie domain. (for example, .gitlab.com)
- Snowplow
Enabled bool Enable snowplow tracking.
- Sourcegraph
Enabled bool Enables Sourcegraph integration. Default is false. If enabled, requires sourcegraph_url.
- Sourcegraph
Public boolOnly Blocks Sourcegraph from being loaded on private and internal projects. Default is true.
- Sourcegraph
Url string The Sourcegraph instance URL for integration.
- Spam
Check stringApi Key API key used by GitLab for accessing the Spam Check service endpoint.
- Spam
Check boolEndpoint Enabled Enables spam checking using external Spam Check API endpoint. Default is false.
- Spam
Check stringEndpoint Url URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
- Suggest
Pipeline boolEnabled Enable pipeline suggestion banner.
- Terminal
Max intSession Time Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
- Terms string
(Required by: enforce_terms) Markdown content for the ToS.
- Throttle
Authenticated boolApi Enabled (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Authenticated intApi Period In Seconds Rate limit period (in seconds).
- Throttle
Authenticated intApi Requests Per Period Maximum requests per period per user.
- Throttle
Authenticated boolPackages Api Enabled (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- Throttle
Authenticated intPackages Api Period In Seconds Rate limit period (in seconds). View Package Registry rate limits for more details.
- Throttle
Authenticated intPackages Api Requests Per Period Maximum requests per period per user. View Package Registry rate limits for more details.
- Throttle
Authenticated boolWeb Enabled (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Authenticated intWeb Period In Seconds Rate limit period (in seconds).
- Throttle
Authenticated intWeb Requests Per Period Maximum requests per period per user.
- Throttle
Unauthenticated boolApi Enabled (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Unauthenticated intApi Period In Seconds Rate limit period in seconds.
- Throttle
Unauthenticated intApi Requests Per Period Max requests per period per IP.
- Throttle
Unauthenticated boolPackages Api Enabled (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- Throttle
Unauthenticated intPackages Api Period In Seconds Rate limit period (in seconds). View Package Registry rate limits for more details.
- Throttle
Unauthenticated intPackages Api Requests Per Period Maximum requests per period per user. View Package Registry rate limits for more details.
- Throttle
Unauthenticated boolWeb Enabled (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Unauthenticated intWeb Period In Seconds Rate limit period in seconds.
- Throttle
Unauthenticated intWeb Requests Per Period Max requests per period per IP.
- Time
Tracking boolLimit To Hours Limit display of time tracking units to hours. Default is false.
- Two
Factor intGrace Period Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
- Unique
Ips boolLimit Enabled (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
- Unique
Ips intLimit Per User Maximum number of IPs per user.
- Unique
Ips intLimit Time Window How many seconds an IP is counted towards the limit.
- Usage
Ping boolEnabled Every week GitLab reports license usage back to GitLab, Inc.
- User
Deactivation boolEmails Enabled Send an email to users upon account deactivation.
- User
Default boolExternal Newly registered users are external by default.
- User
Default stringInternal Regex Specify an email address regex pattern to identify default internal users.
- User
Oauth boolApplications Allow users to register any application to use GitLab as an OAuth provider.
- User
Show boolAdd Ssh Key Message When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
- Version
Check boolEnabled Let GitLab inform you when an update is available.
- Web
Ide boolClientside Preview Enabled Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
- Whats
New stringVariant What’s new variant, possible values: alltiers, currenttier, and disabled.
- Wiki
Page intMax Content Bytes Maximum wiki page content size in bytes. Default: 52428800 Bytes (50 MB). The minimum value is 1024 bytes.
- abuse
Notification StringEmail If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
- admin
Mode Boolean Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
- after
Sign StringOut Path Where to redirect users after logout.
- after
Sign StringUp Text Text shown to the user after signing up.
- String
API key for Akismet spam protection.
- Boolean
(If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
- allow
Group BooleanOwners To Manage Ldap Set to true to allow group owners to manage LDAP.
- allow
Local BooleanRequests From System Hooks Allow requests to the local network from system hooks.
- allow
Local BooleanRequests From Web Hooks And Services Allow requests to the local network from web hooks and services.
- archive
Builds StringIn Human Readable Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
- asset
Proxy List<String>Allowlists Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
- asset
Proxy BooleanEnabled (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
- asset
Proxy StringSecret Key Shared secret with the asset proxy server. GitLab restart is required to apply changes.
- asset
Proxy StringUrl URL of the asset proxy server. GitLab restart is required to apply changes.
- Boolean
By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
- auto
Devops StringDomain Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
- auto
Devops BooleanEnabled Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
- automatic
Purchased BooleanStorage Allocation Enabling this permits automatic allocation of purchased storage in a namespace.
- check
Namespace BooleanPlan Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
- commit
Email StringHostname Custom hostname (for private commit emails).
- container
Expiration BooleanPolicies Enable Historic Entries Enable cleanup policies for all projects.
- Integer
The maximum number of tags that can be deleted in a single execution of cleanup policies.
- Integer
The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
- container
Registry BooleanExpiration Policies Caching Caching during the execution of cleanup policies.
- container
Registry IntegerExpiration Policies Worker Capacity Number of workers for cleanup policies.
- container
Registry IntegerToken Expire Delay Container Registry token duration in minutes.
- deactivate
Dormant BooleanUsers Enable automatic deactivation of dormant users.
- default
Artifacts StringExpire In Set the default expiration time for each job’s artifacts.
- default
Branch StringName Instance-level custom initial branch name (introduced in GitLab 13.2).
- default
Branch IntegerProtection Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
- default
Ci StringConfig Path Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
- default
Group StringVisibility What visibility level new groups receive. Can take private, internal and public as a parameter. Default is private.
- default
Project IntegerCreation Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
- default
Project StringVisibility What visibility level new projects receive. Can take private, internal and public as a parameter. Default is private.
- default
Projects IntegerLimit Project limit per user. Default is 100000.
- default
Snippet StringVisibility What visibility level new snippets receive. Can take private, internal and public as a parameter. Default is private.
- delayed
Group BooleanDeletion Enable delayed group deletion. Default is true. Introduced in GitLab 15.0. From GitLab 15.1, disables and locks the group-level setting for delayed protect deletion when set to false.
- delayed
Project BooleanDeletion Enable delayed project deletion by default in new groups. Default is false. From GitLab 15.1, can only be enabled when delayedgroupdeletion is true.
- delete
Inactive BooleanProjects Enable inactive project deletion feature. Default is false. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion, disabled by default).
- deletion
Adjourned IntegerPeriod The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90. Defaults to 7. From GitLab 15.1, a hook on deletionadjournedperiod sets the period to 1 on every update, and sets both delayedprojectdeletion and delayedgroupdeletion to false if the period is 0.
- diff
Max IntegerFiles Maximum files in a diff.
- diff
Max IntegerLines Maximum lines in a diff.
- diff
Max IntegerPatch Bytes Maximum diff patch size, in bytes.
- disable
Feed BooleanToken Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
- disabled
Oauth List<String>Sign In Sources Disabled OAuth sign-in sources.
- dns
Rebinding BooleanProtection Enabled Enforce DNS rebinding attack protection.
- domain
Allowlists List<String> Force people to use only corporate emails for sign-up. Default is null, meaning there is no restriction.
- domain
Denylist BooleanEnabled (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
- domain
Denylists List<String> Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
- dsa
Key IntegerRestriction The minimum allowed bit length of an uploaded DSA key. Default is 0 (no restriction). -1 disables DSA keys.
- ecdsa
Key IntegerRestriction The minimum allowed curve size (in bits) of an uploaded ECDSA key. Default is 0 (no restriction). -1 disables ECDSA keys.
- ecdsa
Sk IntegerKey Restriction The minimum allowed curve size (in bits) of an uploaded ECDSASK key. Default is 0 (no restriction). -1 disables ECDSASK keys.
- ed25519Key
Restriction Integer The minimum allowed curve size (in bits) of an uploaded ED25519 key. Default is 0 (no restriction). -1 disables ED25519 keys.
- ed25519Sk
Key IntegerRestriction The minimum allowed curve size (in bits) of an uploaded ED25519SK key. Default is 0 (no restriction). -1 disables ED25519SK keys.
- eks
Access StringKey Id AWS IAM access key ID.
- eks
Account StringId Amazon account ID.
- eks
Integration BooleanEnabled Enable integration with Amazon EKS.
- eks
Secret StringAccess Key AWS IAM secret access key.
- elasticsearch
Aws Boolean Enable the use of AWS hosted Elasticsearch.
- elasticsearch
Aws StringAccess Key AWS IAM access key.
- elasticsearch
Aws StringRegion The AWS region the Elasticsearch domain is configured.
- elasticsearch
Aws StringSecret Access Key AWS IAM secret access key.
- elasticsearch
Indexed IntegerField Length Limit Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
- elasticsearch
Indexed IntegerFile Size Limit Kb Maximum size of repository and wiki files that are indexed by Elasticsearch.
- elasticsearch
Indexing Boolean Enable Elasticsearch indexing.
- elasticsearch
Limit BooleanIndexing Limit Elasticsearch to index certain namespaces and projects.
- elasticsearch
Max IntegerBulk Concurrency Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
- elasticsearch
Max IntegerBulk Size Mb Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
- elasticsearch
Namespace List<String>Ids The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- elasticsearch
Password String The password of your Elasticsearch instance.
- elasticsearch
Project List<String>Ids The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- elasticsearch
Search Boolean Enable Elasticsearch search.
- elasticsearch
Urls List<String> The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
- elasticsearch
Username String The username of your Elasticsearch instance.
- email
Additional StringText Additional text added to the bottom of every email for legal/auditing/compliance reasons.
- Boolean
Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
- enabled
Git StringAccess Protocol Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
- enforce
Namespace BooleanStorage Limit Enabling this permits enforcement of namespace storage limits.
- enforce
Terms Boolean (If enabled, requires: terms) Enforce application ToS to all users.
- external
Auth StringClient Cert (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
- external
Auth StringClient Key Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
- external
Auth StringClient Key Pass Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
- String
The default classification label to use when requesting authorization and no classification label has been specified on the project.
- Boolean
(If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
- Double
The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
- String
URL to which authorization requests are directed.
- external
Pipeline IntegerValidation Service Timeout How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
- external
Pipeline StringValidation Service Token Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
- external
Pipeline StringValidation Service Url URL to use for pipeline validation requests.
- file
Template IntegerProject Id The ID of a project to load custom file templates from.
- first
Day IntegerOf Week Start day of the week for calendar views and date pickers. Valid values are 0 (default) for Sunday, 1 for Monday, and 6 for Saturday.
- geo
Node StringAllowed Ips Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
- geo
Status IntegerTimeout The amount of seconds after which a request to get a secondary node status times out.
- git
Rate List<String>Limit Users Allowlists List of usernames excluded from Git anti-abuse rate limits. Default: [], Maximum: 100 usernames. Introduced in GitLab 15.2.
- git
Two IntegerFactor Session Expiry Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
- gitaly
Timeout IntegerDefault Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
- gitaly
Timeout IntegerFast Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
- gitaly
Timeout IntegerMedium Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
- grafana
Enabled Boolean Enable Grafana.
- grafana
Url String Grafana URL.
- gravatar
Enabled Boolean Enable Gravatar.
- hashed
Storage BooleanEnabled Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
- help
Page BooleanHide Commercial Content Hide marketing-related entries from help.
- help
Page StringSupport Url Alternate support URL for help page and help dropdown.
- help
Page StringText Custom text displayed on the help page.
- help
Text String GitLab server administrator information.
- hide
Third BooleanParty Offers Do not display offers from third parties in GitLab.
- home
Page StringUrl Redirect to this URL when not logged in.
- housekeeping
Enabled Boolean (If enabled, requires: housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod) Enable or disable Git housekeeping.
- housekeeping
Full IntegerRepack Period Number of Git pushes after which an incremental git repack is run.
- housekeeping
Gc IntegerPeriod Number of Git pushes after which git gc is run.
- housekeeping
Incremental IntegerRepack Period Number of Git pushes after which an incremental git repack is run.
- html
Emails BooleanEnabled Enable HTML emails.
- import
Sources List<String> Sources to allow project import from, possible values: github, bitbucket, bitbucketserver, gitlab, fogbugz, git, gitlabproject, gitea, manifest, and phabricator.
- in
Product BooleanMarketing Emails Enabled Enable in-product marketing emails. Enabled by default.
- inactive
Projects IntegerDelete After Months If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Default is 2. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- inactive
Projects IntegerMin Size Mb If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Default is 0. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- inactive
Projects IntegerSend Warning Email After Months If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Default is 1. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- invisible
Captcha BooleanEnabled Enable Invisible CAPTCHA spam detection during sign-up. Disabled by default.
- issues
Create IntegerLimit Max number of issue creation requests per minute per user. Disabled by default.
- keep
Latest BooleanArtifact Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time. Enabled by default.
- local
Markdown IntegerVersion Increase this value when any cached Markdown should be invalidated.
- mailgun
Events BooleanEnabled Enable Mailgun event receiver.
- mailgun
Signing StringKey The Mailgun HTTP webhook signing key for receiving events from webhook.
- maintenance
Mode Boolean When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
- maintenance
Mode StringMessage Message displayed when instance is in maintenance mode.
- max
Artifacts IntegerSize Maximum artifacts size in MB.
- max
Attachment IntegerSize Limit attachment size in MB.
- max
Export IntegerSize Maximum export size in MB. 0 for unlimited. Default = 0 (unlimited).
- max
Import IntegerSize Maximum import size in MB. 0 for unlimited. Default = 0 (unlimited) Modified from 50MB to 0 in GitLab 13.8.
- max
Number IntegerOf Repository Downloads Maximum number of unique repositories a user can download in the specified time period before they are banned. Default: 0, Maximum: 10,000 repositories. Introduced in GitLab 15.1.
- max
Number IntegerOf Repository Downloads Within Time Period Reporting time period (in seconds). Default: 0, Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
- max
Pages IntegerSize Maximum size of pages repositories in MB.
- max
Personal IntegerAccess Token Lifetime Maximum allowable lifetime for access tokens in days.
- max
Ssh IntegerKey Lifetime Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
- metrics
Method IntegerCall Threshold A method call is only tracked when it takes longer than the given amount of milliseconds.
- mirror
Available Boolean Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
- mirror
Capacity IntegerThreshold Minimum capacity to be available before scheduling more mirrors preemptively.
- mirror
Max IntegerCapacity Maximum number of mirrors that can be synchronizing at the same time.
- mirror
Max IntegerDelay Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
- npm
Package BooleanRequests Forwarding Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
- outbound
Local List<String>Requests Whitelists Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
- package
Registry IntegerCleanup Policies Worker Capacity Number of workers assigned to the packages cleanup policies.
- pages
Domain BooleanVerification Enabled Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
- password
Authentication BooleanEnabled For Git Enable authentication for Git over HTTP(S) via a GitLab account password. Default is true.
- password
Authentication BooleanEnabled For Web Enable authentication for the web interface via a GitLab account password. Default is true.
- password
Lowercase BooleanRequired Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
- password
Number BooleanRequired Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
- password
Symbol BooleanRequired Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
- password
Uppercase BooleanRequired Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
- performance
Bar StringAllowed Group Path Path of the group that is allowed to toggle the performance bar.
- personal
Access StringToken Prefix Prefix for all generated personal access tokens.
- pipeline
Limit IntegerPer Project User Sha Maximum number of pipeline creation requests per minute per user and commit. Disabled by default.
- plantuml
Enabled Boolean (If enabled, requires: plantuml_url) Enable PlantUML integration. Default is false.
- plantuml
Url String The PlantUML instance URL for integration.
- polling
Interval DoubleMultiplier Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
- project
Export BooleanEnabled Enable project export.
- prometheus
Metrics BooleanEnabled Enable Prometheus metrics.
- protected
Ci BooleanVariables CI/CD variables are protected by default.
- push
Event IntegerActivities Limit Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
- push
Event IntegerHooks Limit Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
- pypi
Package BooleanRequests Forwarding Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
- rate
Limiting StringResponse Text When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
- raw
Blob IntegerRequest Limit Max number of requests per minute for each raw path. Default: 300. To disable throttling set to 0.
- recaptcha
Enabled Boolean (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
- recaptcha
Private StringKey Private key for reCAPTCHA.
- recaptcha
Site StringKey Site key for reCAPTCHA.
- receive
Max IntegerInput Size Maximum push size (MB).
- repository
Checks BooleanEnabled GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
- repository
Size IntegerLimit Size limit per repository (MB).
- repository
Storages List<String> (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
- repository
Storages Map<String,Integer>Weighted (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
- require
Admin BooleanApproval After User Signup When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
- require
Two BooleanFactor Authentication (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
- restricted
Visibility List<String>Levels Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Default is null which means there is no restriction.
- rsa
Key IntegerRestriction The minimum allowed bit length of an uploaded RSA key. Default is 0 (no restriction). -1 disables RSA keys.
- search
Rate IntegerLimit Max number of requests per minute for performing a search while authenticated. Default: 30. To disable throttling set to 0.
- search
Rate IntegerLimit Unauthenticated Max number of requests per minute for performing a search while unauthenticated. Default: 10. To disable throttling set to 0.
- send
User BooleanConfirmation Email Send confirmation email on sign-up.
- session
Expire IntegerDelay Session duration in minutes. GitLab restart is required to apply changes.
- Boolean
(If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
- Integer
Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
- String
Shared runners text.
- sidekiq
Job IntegerLimiter Compression Threshold Bytes The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis. Default: 100 000 bytes (100KB).
- sidekiq
Job IntegerLimiter Limit Bytes The threshold in bytes at which Sidekiq jobs are rejected. Default: 0 bytes (doesn’t reject any job).
- sidekiq
Job StringLimiter Mode track or compress. Sets the behavior for Sidekiq job size limits. Default: ‘compress’.
- sign
In StringText Text on the login page.
- signup
Enabled Boolean Enable registration. Default is true.
- slack
App BooleanEnabled (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
- slack
App StringId The app ID of the Slack-app.
- slack
App StringSecret The app secret of the Slack-app.
- slack
App StringSigning Secret The signing secret of the Slack-app.
- slack
App StringVerification Token The verification token of the Slack-app.
- snippet
Size IntegerLimit Max snippet content size in bytes. Default: 52428800 Bytes (50MB).
- snowplow
App StringId The Snowplow site name / application ID. (for example, gitlab)
- snowplow
Collector StringHostname The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
- String
The Snowplow cookie domain. (for example, .gitlab.com)
- snowplow
Enabled Boolean Enable snowplow tracking.
- sourcegraph
Enabled Boolean Enables Sourcegraph integration. Default is false. If enabled, requires sourcegraph_url.
- sourcegraph
Public BooleanOnly Blocks Sourcegraph from being loaded on private and internal projects. Default is true.
- sourcegraph
Url String The Sourcegraph instance URL for integration.
- spam
Check StringApi Key API key used by GitLab for accessing the Spam Check service endpoint.
- spam
Check BooleanEndpoint Enabled Enables spam checking using external Spam Check API endpoint. Default is false.
- spam
Check StringEndpoint Url URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
- suggest
Pipeline BooleanEnabled Enable pipeline suggestion banner.
- terminal
Max IntegerSession Time Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
- terms String
(Required by: enforce_terms) Markdown content for the ToS.
- throttle
Authenticated BooleanApi Enabled (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Authenticated IntegerApi Period In Seconds Rate limit period (in seconds).
- throttle
Authenticated IntegerApi Requests Per Period Maximum requests per period per user.
- throttle
Authenticated BooleanPackages Api Enabled (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- throttle
Authenticated IntegerPackages Api Period In Seconds Rate limit period (in seconds). View Package Registry rate limits for more details.
- throttle
Authenticated IntegerPackages Api Requests Per Period Maximum requests per period per user. View Package Registry rate limits for more details.
- throttle
Authenticated BooleanWeb Enabled (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Authenticated IntegerWeb Period In Seconds Rate limit period (in seconds).
- throttle
Authenticated IntegerWeb Requests Per Period Maximum requests per period per user.
- throttle
Unauthenticated BooleanApi Enabled (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Unauthenticated IntegerApi Period In Seconds Rate limit period in seconds.
- throttle
Unauthenticated IntegerApi Requests Per Period Max requests per period per IP.
- throttle
Unauthenticated BooleanPackages Api Enabled (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- throttle
Unauthenticated IntegerPackages Api Period In Seconds Rate limit period (in seconds). View Package Registry rate limits for more details.
- throttle
Unauthenticated IntegerPackages Api Requests Per Period Maximum requests per period per user. View Package Registry rate limits for more details.
- throttle
Unauthenticated BooleanWeb Enabled (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Unauthenticated IntegerWeb Period In Seconds Rate limit period in seconds.
- throttle
Unauthenticated IntegerWeb Requests Per Period Max requests per period per IP.
- time
Tracking BooleanLimit To Hours Limit display of time tracking units to hours. Default is false.
- two
Factor IntegerGrace Period Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
- unique
Ips BooleanLimit Enabled (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
- unique
Ips IntegerLimit Per User Maximum number of IPs per user.
- unique
Ips IntegerLimit Time Window How many seconds an IP is counted towards the limit.
- usage
Ping BooleanEnabled Every week GitLab reports license usage back to GitLab, Inc.
- user
Deactivation BooleanEmails Enabled Send an email to users upon account deactivation.
- user
Default BooleanExternal Newly registered users are external by default.
- user
Default StringInternal Regex Specify an email address regex pattern to identify default internal users.
- user
Oauth BooleanApplications Allow users to register any application to use GitLab as an OAuth provider.
- user
Show BooleanAdd Ssh Key Message When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
- version
Check BooleanEnabled Let GitLab inform you when an update is available.
- web
Ide BooleanClientside Preview Enabled Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
- whats
New StringVariant What’s new variant, possible values: alltiers, currenttier, and disabled.
- wiki
Page IntegerMax Content Bytes Maximum wiki page content size in bytes. Default: 52428800 Bytes (50 MB). The minimum value is 1024 bytes.
- abuse
Notification stringEmail If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
- admin
Mode boolean Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
- after
Sign stringOut Path Where to redirect users after logout.
- after
Sign stringUp Text Text shown to the user after signing up.
- string
API key for Akismet spam protection.
- boolean
(If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
- allow
Group booleanOwners To Manage Ldap Set to true to allow group owners to manage LDAP.
- allow
Local booleanRequests From System Hooks Allow requests to the local network from system hooks.
- allow
Local booleanRequests From Web Hooks And Services Allow requests to the local network from web hooks and services.
- archive
Builds stringIn Human Readable Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
- asset
Proxy string[]Allowlists Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
- asset
Proxy booleanEnabled (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
- asset
Proxy stringSecret Key Shared secret with the asset proxy server. GitLab restart is required to apply changes.
- asset
Proxy stringUrl URL of the asset proxy server. GitLab restart is required to apply changes.
- boolean
By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
- auto
Devops stringDomain Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
- auto
Devops booleanEnabled Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
- automatic
Purchased booleanStorage Allocation Enabling this permits automatic allocation of purchased storage in a namespace.
- check
Namespace booleanPlan Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
- commit
Email stringHostname Custom hostname (for private commit emails).
- container
Expiration booleanPolicies Enable Historic Entries Enable cleanup policies for all projects.
- number
The maximum number of tags that can be deleted in a single execution of cleanup policies.
- number
The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
- container
Registry booleanExpiration Policies Caching Caching during the execution of cleanup policies.
- container
Registry numberExpiration Policies Worker Capacity Number of workers for cleanup policies.
- container
Registry numberToken Expire Delay Container Registry token duration in minutes.
- deactivate
Dormant booleanUsers Enable automatic deactivation of dormant users.
- default
Artifacts stringExpire In Set the default expiration time for each job’s artifacts.
- default
Branch stringName Instance-level custom initial branch name (introduced in GitLab 13.2).
- default
Branch numberProtection Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
- default
Ci stringConfig Path Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
- default
Group stringVisibility What visibility level new groups receive. Can take private, internal and public as a parameter. Default is private.
- default
Project numberCreation Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
- default
Project stringVisibility What visibility level new projects receive. Can take private, internal and public as a parameter. Default is private.
- default
Projects numberLimit Project limit per user. Default is 100000.
- default
Snippet stringVisibility What visibility level new snippets receive. Can take private, internal and public as a parameter. Default is private.
- delayed
Group booleanDeletion Enable delayed group deletion. Default is true. Introduced in GitLab 15.0. From GitLab 15.1, disables and locks the group-level setting for delayed protect deletion when set to false.
- delayed
Project booleanDeletion Enable delayed project deletion by default in new groups. Default is false. From GitLab 15.1, can only be enabled when delayedgroupdeletion is true.
- delete
Inactive booleanProjects Enable inactive project deletion feature. Default is false. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion, disabled by default).
- deletion
Adjourned numberPeriod The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90. Defaults to 7. From GitLab 15.1, a hook on deletionadjournedperiod sets the period to 1 on every update, and sets both delayedprojectdeletion and delayedgroupdeletion to false if the period is 0.
- diff
Max numberFiles Maximum files in a diff.
- diff
Max numberLines Maximum lines in a diff.
- diff
Max numberPatch Bytes Maximum diff patch size, in bytes.
- disable
Feed booleanToken Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
- disabled
Oauth string[]Sign In Sources Disabled OAuth sign-in sources.
- dns
Rebinding booleanProtection Enabled Enforce DNS rebinding attack protection.
- domain
Allowlists string[] Force people to use only corporate emails for sign-up. Default is null, meaning there is no restriction.
- domain
Denylist booleanEnabled (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
- domain
Denylists string[] Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
- dsa
Key numberRestriction The minimum allowed bit length of an uploaded DSA key. Default is 0 (no restriction). -1 disables DSA keys.
- ecdsa
Key numberRestriction The minimum allowed curve size (in bits) of an uploaded ECDSA key. Default is 0 (no restriction). -1 disables ECDSA keys.
- ecdsa
Sk numberKey Restriction The minimum allowed curve size (in bits) of an uploaded ECDSASK key. Default is 0 (no restriction). -1 disables ECDSASK keys.
- ed25519Key
Restriction number The minimum allowed curve size (in bits) of an uploaded ED25519 key. Default is 0 (no restriction). -1 disables ED25519 keys.
- ed25519Sk
Key numberRestriction The minimum allowed curve size (in bits) of an uploaded ED25519SK key. Default is 0 (no restriction). -1 disables ED25519SK keys.
- eks
Access stringKey Id AWS IAM access key ID.
- eks
Account stringId Amazon account ID.
- eks
Integration booleanEnabled Enable integration with Amazon EKS.
- eks
Secret stringAccess Key AWS IAM secret access key.
- elasticsearch
Aws boolean Enable the use of AWS hosted Elasticsearch.
- elasticsearch
Aws stringAccess Key AWS IAM access key.
- elasticsearch
Aws stringRegion The AWS region the Elasticsearch domain is configured.
- elasticsearch
Aws stringSecret Access Key AWS IAM secret access key.
- elasticsearch
Indexed numberField Length Limit Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
- elasticsearch
Indexed numberFile Size Limit Kb Maximum size of repository and wiki files that are indexed by Elasticsearch.
- elasticsearch
Indexing boolean Enable Elasticsearch indexing.
- elasticsearch
Limit booleanIndexing Limit Elasticsearch to index certain namespaces and projects.
- elasticsearch
Max numberBulk Concurrency Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
- elasticsearch
Max numberBulk Size Mb Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
- elasticsearch
Namespace string[]Ids The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- elasticsearch
Password string The password of your Elasticsearch instance.
- elasticsearch
Project string[]Ids The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- elasticsearch
Search boolean Enable Elasticsearch search.
- elasticsearch
Urls string[] The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
- elasticsearch
Username string The username of your Elasticsearch instance.
- email
Additional stringText Additional text added to the bottom of every email for legal/auditing/compliance reasons.
- boolean
Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
- enabled
Git stringAccess Protocol Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
- enforce
Namespace booleanStorage Limit Enabling this permits enforcement of namespace storage limits.
- enforce
Terms boolean (If enabled, requires: terms) Enforce application ToS to all users.
- external
Auth stringClient Cert (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
- external
Auth stringClient Key Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
- external
Auth stringClient Key Pass Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
- string
The default classification label to use when requesting authorization and no classification label has been specified on the project.
- boolean
(If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
- number
The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
- string
URL to which authorization requests are directed.
- external
Pipeline numberValidation Service Timeout How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
- external
Pipeline stringValidation Service Token Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
- external
Pipeline stringValidation Service Url URL to use for pipeline validation requests.
- file
Template numberProject Id The ID of a project to load custom file templates from.
- first
Day numberOf Week Start day of the week for calendar views and date pickers. Valid values are 0 (default) for Sunday, 1 for Monday, and 6 for Saturday.
- geo
Node stringAllowed Ips Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
- geo
Status numberTimeout The amount of seconds after which a request to get a secondary node status times out.
- git
Rate string[]Limit Users Allowlists List of usernames excluded from Git anti-abuse rate limits. Default: [], Maximum: 100 usernames. Introduced in GitLab 15.2.
- git
Two numberFactor Session Expiry Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
- gitaly
Timeout numberDefault Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
- gitaly
Timeout numberFast Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
- gitaly
Timeout numberMedium Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
- grafana
Enabled boolean Enable Grafana.
- grafana
Url string Grafana URL.
- gravatar
Enabled boolean Enable Gravatar.
- hashed
Storage booleanEnabled Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
- help
Page booleanHide Commercial Content Hide marketing-related entries from help.
- help
Page stringSupport Url Alternate support URL for help page and help dropdown.
- help
Page stringText Custom text displayed on the help page.
- help
Text string GitLab server administrator information.
- hide
Third booleanParty Offers Do not display offers from third parties in GitLab.
- home
Page stringUrl Redirect to this URL when not logged in.
- housekeeping
Enabled boolean (If enabled, requires: housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod) Enable or disable Git housekeeping.
- housekeeping
Full numberRepack Period Number of Git pushes after which an incremental git repack is run.
- housekeeping
Gc numberPeriod Number of Git pushes after which git gc is run.
- housekeeping
Incremental numberRepack Period Number of Git pushes after which an incremental git repack is run.
- html
Emails booleanEnabled Enable HTML emails.
- import
Sources string[] Sources to allow project import from, possible values: github, bitbucket, bitbucketserver, gitlab, fogbugz, git, gitlabproject, gitea, manifest, and phabricator.
- in
Product booleanMarketing Emails Enabled Enable in-product marketing emails. Enabled by default.
- inactive
Projects numberDelete After Months If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Default is 2. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- inactive
Projects numberMin Size Mb If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Default is 0. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- inactive
Projects numberSend Warning Email After Months If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Default is 1. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- invisible
Captcha booleanEnabled Enable Invisible CAPTCHA spam detection during sign-up. Disabled by default.
- issues
Create numberLimit Max number of issue creation requests per minute per user. Disabled by default.
- keep
Latest booleanArtifact Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time. Enabled by default.
- local
Markdown numberVersion Increase this value when any cached Markdown should be invalidated.
- mailgun
Events booleanEnabled Enable Mailgun event receiver.
- mailgun
Signing stringKey The Mailgun HTTP webhook signing key for receiving events from webhook.
- maintenance
Mode boolean When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
- maintenance
Mode stringMessage Message displayed when instance is in maintenance mode.
- max
Artifacts numberSize Maximum artifacts size in MB.
- max
Attachment numberSize Limit attachment size in MB.
- max
Export numberSize Maximum export size in MB. 0 for unlimited. Default = 0 (unlimited).
- max
Import numberSize Maximum import size in MB. 0 for unlimited. Default = 0 (unlimited) Modified from 50MB to 0 in GitLab 13.8.
- max
Number numberOf Repository Downloads Maximum number of unique repositories a user can download in the specified time period before they are banned. Default: 0, Maximum: 10,000 repositories. Introduced in GitLab 15.1.
- max
Number numberOf Repository Downloads Within Time Period Reporting time period (in seconds). Default: 0, Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
- max
Pages numberSize Maximum size of pages repositories in MB.
- max
Personal numberAccess Token Lifetime Maximum allowable lifetime for access tokens in days.
- max
Ssh numberKey Lifetime Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
- metrics
Method numberCall Threshold A method call is only tracked when it takes longer than the given amount of milliseconds.
- mirror
Available boolean Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
- mirror
Capacity numberThreshold Minimum capacity to be available before scheduling more mirrors preemptively.
- mirror
Max numberCapacity Maximum number of mirrors that can be synchronizing at the same time.
- mirror
Max numberDelay Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
- npm
Package booleanRequests Forwarding Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
- outbound
Local string[]Requests Whitelists Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
- package
Registry numberCleanup Policies Worker Capacity Number of workers assigned to the packages cleanup policies.
- pages
Domain booleanVerification Enabled Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
- password
Authentication booleanEnabled For Git Enable authentication for Git over HTTP(S) via a GitLab account password. Default is true.
- password
Authentication booleanEnabled For Web Enable authentication for the web interface via a GitLab account password. Default is true.
- password
Lowercase booleanRequired Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
- password
Number booleanRequired Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
- password
Symbol booleanRequired Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
- password
Uppercase booleanRequired Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
- performance
Bar stringAllowed Group Path Path of the group that is allowed to toggle the performance bar.
- personal
Access stringToken Prefix Prefix for all generated personal access tokens.
- pipeline
Limit numberPer Project User Sha Maximum number of pipeline creation requests per minute per user and commit. Disabled by default.
- plantuml
Enabled boolean (If enabled, requires: plantuml_url) Enable PlantUML integration. Default is false.
- plantuml
Url string The PlantUML instance URL for integration.
- polling
Interval numberMultiplier Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
- project
Export booleanEnabled Enable project export.
- prometheus
Metrics booleanEnabled Enable Prometheus metrics.
- protected
Ci booleanVariables CI/CD variables are protected by default.
- push
Event numberActivities Limit Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
- push
Event numberHooks Limit Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
- pypi
Package booleanRequests Forwarding Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
- rate
Limiting stringResponse Text When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
- raw
Blob numberRequest Limit Max number of requests per minute for each raw path. Default: 300. To disable throttling set to 0.
- recaptcha
Enabled boolean (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
- recaptcha
Private stringKey Private key for reCAPTCHA.
- recaptcha
Site stringKey Site key for reCAPTCHA.
- receive
Max numberInput Size Maximum push size (MB).
- repository
Checks booleanEnabled GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
- repository
Size numberLimit Size limit per repository (MB).
- repository
Storages string[] (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
- repository
Storages {[key: string]: number}Weighted (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
- require
Admin booleanApproval After User Signup When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
- require
Two booleanFactor Authentication (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
- restricted
Visibility string[]Levels Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Default is null which means there is no restriction.
- rsa
Key numberRestriction The minimum allowed bit length of an uploaded RSA key. Default is 0 (no restriction). -1 disables RSA keys.
- search
Rate numberLimit Max number of requests per minute for performing a search while authenticated. Default: 30. To disable throttling set to 0.
- search
Rate numberLimit Unauthenticated Max number of requests per minute for performing a search while unauthenticated. Default: 10. To disable throttling set to 0.
- send
User booleanConfirmation Email Send confirmation email on sign-up.
- session
Expire numberDelay Session duration in minutes. GitLab restart is required to apply changes.
- boolean
(If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
- number
Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
- string
Shared runners text.
- sidekiq
Job numberLimiter Compression Threshold Bytes The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis. Default: 100 000 bytes (100KB).
- sidekiq
Job numberLimiter Limit Bytes The threshold in bytes at which Sidekiq jobs are rejected. Default: 0 bytes (doesn’t reject any job).
- sidekiq
Job stringLimiter Mode track or compress. Sets the behavior for Sidekiq job size limits. Default: ‘compress’.
- sign
In stringText Text on the login page.
- signup
Enabled boolean Enable registration. Default is true.
- slack
App booleanEnabled (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
- slack
App stringId The app ID of the Slack-app.
- slack
App stringSecret The app secret of the Slack-app.
- slack
App stringSigning Secret The signing secret of the Slack-app.
- slack
App stringVerification Token The verification token of the Slack-app.
- snippet
Size numberLimit Max snippet content size in bytes. Default: 52428800 Bytes (50MB).
- snowplow
App stringId The Snowplow site name / application ID. (for example, gitlab)
- snowplow
Collector stringHostname The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
- string
The Snowplow cookie domain. (for example, .gitlab.com)
- snowplow
Enabled boolean Enable snowplow tracking.
- sourcegraph
Enabled boolean Enables Sourcegraph integration. Default is false. If enabled, requires sourcegraph_url.
- sourcegraph
Public booleanOnly Blocks Sourcegraph from being loaded on private and internal projects. Default is true.
- sourcegraph
Url string The Sourcegraph instance URL for integration.
- spam
Check stringApi Key API key used by GitLab for accessing the Spam Check service endpoint.
- spam
Check booleanEndpoint Enabled Enables spam checking using external Spam Check API endpoint. Default is false.
- spam
Check stringEndpoint Url URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
- suggest
Pipeline booleanEnabled Enable pipeline suggestion banner.
- terminal
Max numberSession Time Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
- terms string
(Required by: enforce_terms) Markdown content for the ToS.
- throttle
Authenticated booleanApi Enabled (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Authenticated numberApi Period In Seconds Rate limit period (in seconds).
- throttle
Authenticated numberApi Requests Per Period Maximum requests per period per user.
- throttle
Authenticated booleanPackages Api Enabled (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- throttle
Authenticated numberPackages Api Period In Seconds Rate limit period (in seconds). View Package Registry rate limits for more details.
- throttle
Authenticated numberPackages Api Requests Per Period Maximum requests per period per user. View Package Registry rate limits for more details.
- throttle
Authenticated booleanWeb Enabled (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Authenticated numberWeb Period In Seconds Rate limit period (in seconds).
- throttle
Authenticated numberWeb Requests Per Period Maximum requests per period per user.
- throttle
Unauthenticated booleanApi Enabled (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Unauthenticated numberApi Period In Seconds Rate limit period in seconds.
- throttle
Unauthenticated numberApi Requests Per Period Max requests per period per IP.
- throttle
Unauthenticated booleanPackages Api Enabled (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- throttle
Unauthenticated numberPackages Api Period In Seconds Rate limit period (in seconds). View Package Registry rate limits for more details.
- throttle
Unauthenticated numberPackages Api Requests Per Period Maximum requests per period per user. View Package Registry rate limits for more details.
- throttle
Unauthenticated booleanWeb Enabled (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Unauthenticated numberWeb Period In Seconds Rate limit period in seconds.
- throttle
Unauthenticated numberWeb Requests Per Period Max requests per period per IP.
- time
Tracking booleanLimit To Hours Limit display of time tracking units to hours. Default is false.
- two
Factor numberGrace Period Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
- unique
Ips booleanLimit Enabled (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
- unique
Ips numberLimit Per User Maximum number of IPs per user.
- unique
Ips numberLimit Time Window How many seconds an IP is counted towards the limit.
- usage
Ping booleanEnabled Every week GitLab reports license usage back to GitLab, Inc.
- user
Deactivation booleanEmails Enabled Send an email to users upon account deactivation.
- user
Default booleanExternal Newly registered users are external by default.
- user
Default stringInternal Regex Specify an email address regex pattern to identify default internal users.
- user
Oauth booleanApplications Allow users to register any application to use GitLab as an OAuth provider.
- user
Show booleanAdd Ssh Key Message When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
- version
Check booleanEnabled Let GitLab inform you when an update is available.
- web
Ide booleanClientside Preview Enabled Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
- whats
New stringVariant What’s new variant, possible values: alltiers, currenttier, and disabled.
- wiki
Page numberMax Content Bytes Maximum wiki page content size in bytes. Default: 52428800 Bytes (50 MB). The minimum value is 1024 bytes.
- abuse_
notification_ stremail If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
- admin_
mode bool Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
- after_
sign_ strout_ path Where to redirect users after logout.
- after_
sign_ strup_ text Text shown to the user after signing up.
- str
API key for Akismet spam protection.
- bool
(If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
- allow_
group_ boolowners_ to_ manage_ ldap Set to true to allow group owners to manage LDAP.
- allow_
local_ boolrequests_ from_ system_ hooks Allow requests to the local network from system hooks.
- allow_
local_ boolrequests_ from_ web_ hooks_ and_ services Allow requests to the local network from web hooks and services.
- archive_
builds_ strin_ human_ readable Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
- asset_
proxy_ Sequence[str]allowlists Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
- asset_
proxy_ boolenabled (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
- asset_
proxy_ strsecret_ key Shared secret with the asset proxy server. GitLab restart is required to apply changes.
- asset_
proxy_ strurl URL of the asset proxy server. GitLab restart is required to apply changes.
- bool
By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
- auto_
devops_ strdomain Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
- auto_
devops_ boolenabled Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
- automatic_
purchased_ boolstorage_ allocation Enabling this permits automatic allocation of purchased storage in a namespace.
- check_
namespace_ boolplan Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
- commit_
email_ strhostname Custom hostname (for private commit emails).
- container_
expiration_ boolpolicies_ enable_ historic_ entries Enable cleanup policies for all projects.
- int
The maximum number of tags that can be deleted in a single execution of cleanup policies.
- int
The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
- container_
registry_ boolexpiration_ policies_ caching Caching during the execution of cleanup policies.
- container_
registry_ intexpiration_ policies_ worker_ capacity Number of workers for cleanup policies.
- container_
registry_ inttoken_ expire_ delay Container Registry token duration in minutes.
- deactivate_
dormant_ boolusers Enable automatic deactivation of dormant users.
- default_
artifacts_ strexpire_ in Set the default expiration time for each job’s artifacts.
- default_
branch_ strname Instance-level custom initial branch name (introduced in GitLab 13.2).
- default_
branch_ intprotection Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
- default_
ci_ strconfig_ path Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
- default_
group_ strvisibility What visibility level new groups receive. Can take private, internal and public as a parameter. Default is private.
- default_
project_ intcreation Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
- default_
project_ strvisibility What visibility level new projects receive. Can take private, internal and public as a parameter. Default is private.
- default_
projects_ intlimit Project limit per user. Default is 100000.
- default_
snippet_ strvisibility What visibility level new snippets receive. Can take private, internal and public as a parameter. Default is private.
- delayed_
group_ booldeletion Enable delayed group deletion. Default is true. Introduced in GitLab 15.0. From GitLab 15.1, disables and locks the group-level setting for delayed protect deletion when set to false.
- delayed_
project_ booldeletion Enable delayed project deletion by default in new groups. Default is false. From GitLab 15.1, can only be enabled when delayedgroupdeletion is true.
- delete_
inactive_ boolprojects Enable inactive project deletion feature. Default is false. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion, disabled by default).
- deletion_
adjourned_ intperiod The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90. Defaults to 7. From GitLab 15.1, a hook on deletionadjournedperiod sets the period to 1 on every update, and sets both delayedprojectdeletion and delayedgroupdeletion to false if the period is 0.
- diff_
max_ intfiles Maximum files in a diff.
- diff_
max_ intlines Maximum lines in a diff.
- diff_
max_ intpatch_ bytes Maximum diff patch size, in bytes.
- disable_
feed_ booltoken Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
- disabled_
oauth_ Sequence[str]sign_ in_ sources Disabled OAuth sign-in sources.
- dns_
rebinding_ boolprotection_ enabled Enforce DNS rebinding attack protection.
- domain_
allowlists Sequence[str] Force people to use only corporate emails for sign-up. Default is null, meaning there is no restriction.
- domain_
denylist_ boolenabled (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
- domain_
denylists Sequence[str] Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
- dsa_
key_ intrestriction The minimum allowed bit length of an uploaded DSA key. Default is 0 (no restriction). -1 disables DSA keys.
- ecdsa_
key_ intrestriction The minimum allowed curve size (in bits) of an uploaded ECDSA key. Default is 0 (no restriction). -1 disables ECDSA keys.
- ecdsa_
sk_ intkey_ restriction The minimum allowed curve size (in bits) of an uploaded ECDSASK key. Default is 0 (no restriction). -1 disables ECDSASK keys.
- ed25519_
key_ intrestriction The minimum allowed curve size (in bits) of an uploaded ED25519 key. Default is 0 (no restriction). -1 disables ED25519 keys.
- ed25519_
sk_ intkey_ restriction The minimum allowed curve size (in bits) of an uploaded ED25519SK key. Default is 0 (no restriction). -1 disables ED25519SK keys.
- eks_
access_ strkey_ id AWS IAM access key ID.
- eks_
account_ strid Amazon account ID.
- eks_
integration_ boolenabled Enable integration with Amazon EKS.
- eks_
secret_ straccess_ key AWS IAM secret access key.
- elasticsearch_
aws bool Enable the use of AWS hosted Elasticsearch.
- elasticsearch_
aws_ straccess_ key AWS IAM access key.
- elasticsearch_
aws_ strregion The AWS region the Elasticsearch domain is configured.
- elasticsearch_
aws_ strsecret_ access_ key AWS IAM secret access key.
- elasticsearch_
indexed_ intfield_ length_ limit Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
- elasticsearch_
indexed_ intfile_ size_ limit_ kb Maximum size of repository and wiki files that are indexed by Elasticsearch.
- elasticsearch_
indexing bool Enable Elasticsearch indexing.
- elasticsearch_
limit_ boolindexing Limit Elasticsearch to index certain namespaces and projects.
- elasticsearch_
max_ intbulk_ concurrency Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
- elasticsearch_
max_ intbulk_ size_ mb Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
- elasticsearch_
namespace_ Sequence[str]ids The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- elasticsearch_
password str The password of your Elasticsearch instance.
- elasticsearch_
project_ Sequence[str]ids The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- elasticsearch_
search bool Enable Elasticsearch search.
- elasticsearch_
urls Sequence[str] The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
- elasticsearch_
username str The username of your Elasticsearch instance.
- email_
additional_ strtext Additional text added to the bottom of every email for legal/auditing/compliance reasons.
- bool
Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
- enabled_
git_ straccess_ protocol Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
- enforce_
namespace_ boolstorage_ limit Enabling this permits enforcement of namespace storage limits.
- enforce_
terms bool (If enabled, requires: terms) Enforce application ToS to all users.
- external_
auth_ strclient_ cert (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
- external_
auth_ strclient_ key Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
- external_
auth_ strclient_ key_ pass Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
- str
The default classification label to use when requesting authorization and no classification label has been specified on the project.
- bool
(If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
- float
The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
- str
URL to which authorization requests are directed.
- external_
pipeline_ intvalidation_ service_ timeout How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
- external_
pipeline_ strvalidation_ service_ token Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
- external_
pipeline_ strvalidation_ service_ url URL to use for pipeline validation requests.
- file_
template_ intproject_ id The ID of a project to load custom file templates from.
- first_
day_ intof_ week Start day of the week for calendar views and date pickers. Valid values are 0 (default) for Sunday, 1 for Monday, and 6 for Saturday.
- geo_
node_ strallowed_ ips Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
- geo_
status_ inttimeout The amount of seconds after which a request to get a secondary node status times out.
- git_
rate_ Sequence[str]limit_ users_ allowlists List of usernames excluded from Git anti-abuse rate limits. Default: [], Maximum: 100 usernames. Introduced in GitLab 15.2.
- git_
two_ intfactor_ session_ expiry Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
- gitaly_
timeout_ intdefault Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
- gitaly_
timeout_ intfast Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
- gitaly_
timeout_ intmedium Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
- grafana_
enabled bool Enable Grafana.
- grafana_
url str Grafana URL.
- gravatar_
enabled bool Enable Gravatar.
- hashed_
storage_ boolenabled Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
- help_
page_ boolhide_ commercial_ content Hide marketing-related entries from help.
- help_
page_ strsupport_ url Alternate support URL for help page and help dropdown.
- help_
page_ strtext Custom text displayed on the help page.
- help_
text str GitLab server administrator information.
- hide_
third_ boolparty_ offers Do not display offers from third parties in GitLab.
- home_
page_ strurl Redirect to this URL when not logged in.
- housekeeping_
enabled bool (If enabled, requires: housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod) Enable or disable Git housekeeping.
- housekeeping_
full_ intrepack_ period Number of Git pushes after which an incremental git repack is run.
- housekeeping_
gc_ intperiod Number of Git pushes after which git gc is run.
- housekeeping_
incremental_ intrepack_ period Number of Git pushes after which an incremental git repack is run.
- html_
emails_ boolenabled Enable HTML emails.
- import_
sources Sequence[str] Sources to allow project import from, possible values: github, bitbucket, bitbucketserver, gitlab, fogbugz, git, gitlabproject, gitea, manifest, and phabricator.
- in_
product_ boolmarketing_ emails_ enabled Enable in-product marketing emails. Enabled by default.
- inactive_
projects_ intdelete_ after_ months If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Default is 2. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- inactive_
projects_ intmin_ size_ mb If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Default is 0. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- inactive_
projects_ intsend_ warning_ email_ after_ months If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Default is 1. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- invisible_
captcha_ boolenabled Enable Invisible CAPTCHA spam detection during sign-up. Disabled by default.
- issues_
create_ intlimit Max number of issue creation requests per minute per user. Disabled by default.
- keep_
latest_ boolartifact Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time. Enabled by default.
- local_
markdown_ intversion Increase this value when any cached Markdown should be invalidated.
- mailgun_
events_ boolenabled Enable Mailgun event receiver.
- mailgun_
signing_ strkey The Mailgun HTTP webhook signing key for receiving events from webhook.
- maintenance_
mode bool When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
- maintenance_
mode_ strmessage Message displayed when instance is in maintenance mode.
- max_
artifacts_ intsize Maximum artifacts size in MB.
- max_
attachment_ intsize Limit attachment size in MB.
- max_
export_ intsize Maximum export size in MB. 0 for unlimited. Default = 0 (unlimited).
- max_
import_ intsize Maximum import size in MB. 0 for unlimited. Default = 0 (unlimited) Modified from 50MB to 0 in GitLab 13.8.
- max_
number_ intof_ repository_ downloads Maximum number of unique repositories a user can download in the specified time period before they are banned. Default: 0, Maximum: 10,000 repositories. Introduced in GitLab 15.1.
- max_
number_ intof_ repository_ downloads_ within_ time_ period Reporting time period (in seconds). Default: 0, Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
- max_
pages_ intsize Maximum size of pages repositories in MB.
- max_
personal_ intaccess_ token_ lifetime Maximum allowable lifetime for access tokens in days.
- max_
ssh_ intkey_ lifetime Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
- metrics_
method_ intcall_ threshold A method call is only tracked when it takes longer than the given amount of milliseconds.
- mirror_
available bool Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
- mirror_
capacity_ intthreshold Minimum capacity to be available before scheduling more mirrors preemptively.
- mirror_
max_ intcapacity Maximum number of mirrors that can be synchronizing at the same time.
- mirror_
max_ intdelay Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
- npm_
package_ boolrequests_ forwarding Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
- outbound_
local_ Sequence[str]requests_ whitelists Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
- package_
registry_ intcleanup_ policies_ worker_ capacity Number of workers assigned to the packages cleanup policies.
- pages_
domain_ boolverification_ enabled Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
- password_
authentication_ boolenabled_ for_ git Enable authentication for Git over HTTP(S) via a GitLab account password. Default is true.
- password_
authentication_ boolenabled_ for_ web Enable authentication for the web interface via a GitLab account password. Default is true.
- password_
lowercase_ boolrequired Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
- password_
number_ boolrequired Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
- password_
symbol_ boolrequired Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
- password_
uppercase_ boolrequired Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
- performance_
bar_ strallowed_ group_ path Path of the group that is allowed to toggle the performance bar.
- personal_
access_ strtoken_ prefix Prefix for all generated personal access tokens.
- pipeline_
limit_ intper_ project_ user_ sha Maximum number of pipeline creation requests per minute per user and commit. Disabled by default.
- plantuml_
enabled bool (If enabled, requires: plantuml_url) Enable PlantUML integration. Default is false.
- plantuml_
url str The PlantUML instance URL for integration.
- polling_
interval_ floatmultiplier Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
- project_
export_ boolenabled Enable project export.
- prometheus_
metrics_ boolenabled Enable Prometheus metrics.
- protected_
ci_ boolvariables CI/CD variables are protected by default.
- push_
event_ intactivities_ limit Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
- push_
event_ inthooks_ limit Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
- pypi_
package_ boolrequests_ forwarding Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
- rate_
limiting_ strresponse_ text When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
- raw_
blob_ intrequest_ limit Max number of requests per minute for each raw path. Default: 300. To disable throttling set to 0.
- recaptcha_
enabled bool (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
- recaptcha_
private_ strkey Private key for reCAPTCHA.
- recaptcha_
site_ strkey Site key for reCAPTCHA.
- receive_
max_ intinput_ size Maximum push size (MB).
- repository_
checks_ boolenabled GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
- repository_
size_ intlimit Size limit per repository (MB).
- repository_
storages Sequence[str] (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
- repository_
storages_ Mapping[str, int]weighted (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
- require_
admin_ boolapproval_ after_ user_ signup When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
- require_
two_ boolfactor_ authentication (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
- restricted_
visibility_ Sequence[str]levels Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Default is null which means there is no restriction.
- rsa_
key_ intrestriction The minimum allowed bit length of an uploaded RSA key. Default is 0 (no restriction). -1 disables RSA keys.
- search_
rate_ intlimit Max number of requests per minute for performing a search while authenticated. Default: 30. To disable throttling set to 0.
- search_
rate_ intlimit_ unauthenticated Max number of requests per minute for performing a search while unauthenticated. Default: 10. To disable throttling set to 0.
- send_
user_ boolconfirmation_ email Send confirmation email on sign-up.
- session_
expire_ intdelay Session duration in minutes. GitLab restart is required to apply changes.
- bool
(If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
- int
Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
- str
Shared runners text.
- sidekiq_
job_ intlimiter_ compression_ threshold_ bytes The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis. Default: 100 000 bytes (100KB).
- sidekiq_
job_ intlimiter_ limit_ bytes The threshold in bytes at which Sidekiq jobs are rejected. Default: 0 bytes (doesn’t reject any job).
- sidekiq_
job_ strlimiter_ mode track or compress. Sets the behavior for Sidekiq job size limits. Default: ‘compress’.
- sign_
in_ strtext Text on the login page.
- signup_
enabled bool Enable registration. Default is true.
- slack_
app_ boolenabled (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
- slack_
app_ strid The app ID of the Slack-app.
- slack_
app_ strsecret The app secret of the Slack-app.
- slack_
app_ strsigning_ secret The signing secret of the Slack-app.
- slack_
app_ strverification_ token The verification token of the Slack-app.
- snippet_
size_ intlimit Max snippet content size in bytes. Default: 52428800 Bytes (50MB).
- snowplow_
app_ strid The Snowplow site name / application ID. (for example, gitlab)
- snowplow_
collector_ strhostname The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
- str
The Snowplow cookie domain. (for example, .gitlab.com)
- snowplow_
enabled bool Enable snowplow tracking.
- sourcegraph_
enabled bool Enables Sourcegraph integration. Default is false. If enabled, requires sourcegraph_url.
- sourcegraph_
public_ boolonly Blocks Sourcegraph from being loaded on private and internal projects. Default is true.
- sourcegraph_
url str The Sourcegraph instance URL for integration.
- spam_
check_ strapi_ key API key used by GitLab for accessing the Spam Check service endpoint.
- spam_
check_ boolendpoint_ enabled Enables spam checking using external Spam Check API endpoint. Default is false.
- spam_
check_ strendpoint_ url URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
- suggest_
pipeline_ boolenabled Enable pipeline suggestion banner.
- terminal_
max_ intsession_ time Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
- terms str
(Required by: enforce_terms) Markdown content for the ToS.
- throttle_
authenticated_ boolapi_ enabled (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle_
authenticated_ intapi_ period_ in_ seconds Rate limit period (in seconds).
- throttle_
authenticated_ intapi_ requests_ per_ period Maximum requests per period per user.
- throttle_
authenticated_ boolpackages_ api_ enabled (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- throttle_
authenticated_ intpackages_ api_ period_ in_ seconds Rate limit period (in seconds). View Package Registry rate limits for more details.
- throttle_
authenticated_ intpackages_ api_ requests_ per_ period Maximum requests per period per user. View Package Registry rate limits for more details.
- throttle_
authenticated_ boolweb_ enabled (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle_
authenticated_ intweb_ period_ in_ seconds Rate limit period (in seconds).
- throttle_
authenticated_ intweb_ requests_ per_ period Maximum requests per period per user.
- throttle_
unauthenticated_ boolapi_ enabled (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle_
unauthenticated_ intapi_ period_ in_ seconds Rate limit period in seconds.
- throttle_
unauthenticated_ intapi_ requests_ per_ period Max requests per period per IP.
- throttle_
unauthenticated_ boolpackages_ api_ enabled (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- throttle_
unauthenticated_ intpackages_ api_ period_ in_ seconds Rate limit period (in seconds). View Package Registry rate limits for more details.
- throttle_
unauthenticated_ intpackages_ api_ requests_ per_ period Maximum requests per period per user. View Package Registry rate limits for more details.
- throttle_
unauthenticated_ boolweb_ enabled (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle_
unauthenticated_ intweb_ period_ in_ seconds Rate limit period in seconds.
- throttle_
unauthenticated_ intweb_ requests_ per_ period Max requests per period per IP.
- time_
tracking_ boollimit_ to_ hours Limit display of time tracking units to hours. Default is false.
- two_
factor_ intgrace_ period Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
- unique_
ips_ boollimit_ enabled (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
- unique_
ips_ intlimit_ per_ user Maximum number of IPs per user.
- unique_
ips_ intlimit_ time_ window How many seconds an IP is counted towards the limit.
- usage_
ping_ boolenabled Every week GitLab reports license usage back to GitLab, Inc.
- user_
deactivation_ boolemails_ enabled Send an email to users upon account deactivation.
- user_
default_ boolexternal Newly registered users are external by default.
- user_
default_ strinternal_ regex Specify an email address regex pattern to identify default internal users.
- user_
oauth_ boolapplications Allow users to register any application to use GitLab as an OAuth provider.
- user_
show_ booladd_ ssh_ key_ message When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
- version_
check_ boolenabled Let GitLab inform you when an update is available.
- web_
ide_ boolclientside_ preview_ enabled Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
- whats_
new_ strvariant What’s new variant, possible values: alltiers, currenttier, and disabled.
- wiki_
page_ intmax_ content_ bytes Maximum wiki page content size in bytes. Default: 52428800 Bytes (50 MB). The minimum value is 1024 bytes.
- abuse
Notification StringEmail If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
- admin
Mode Boolean Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
- after
Sign StringOut Path Where to redirect users after logout.
- after
Sign StringUp Text Text shown to the user after signing up.
- String
API key for Akismet spam protection.
- Boolean
(If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
- allow
Group BooleanOwners To Manage Ldap Set to true to allow group owners to manage LDAP.
- allow
Local BooleanRequests From System Hooks Allow requests to the local network from system hooks.
- allow
Local BooleanRequests From Web Hooks And Services Allow requests to the local network from web hooks and services.
- archive
Builds StringIn Human Readable Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
- asset
Proxy List<String>Allowlists Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
- asset
Proxy BooleanEnabled (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
- asset
Proxy StringSecret Key Shared secret with the asset proxy server. GitLab restart is required to apply changes.
- asset
Proxy StringUrl URL of the asset proxy server. GitLab restart is required to apply changes.
- Boolean
By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
- auto
Devops StringDomain Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
- auto
Devops BooleanEnabled Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
- automatic
Purchased BooleanStorage Allocation Enabling this permits automatic allocation of purchased storage in a namespace.
- check
Namespace BooleanPlan Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
- commit
Email StringHostname Custom hostname (for private commit emails).
- container
Expiration BooleanPolicies Enable Historic Entries Enable cleanup policies for all projects.
- Number
The maximum number of tags that can be deleted in a single execution of cleanup policies.
- Number
The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
- container
Registry BooleanExpiration Policies Caching Caching during the execution of cleanup policies.
- container
Registry NumberExpiration Policies Worker Capacity Number of workers for cleanup policies.
- container
Registry NumberToken Expire Delay Container Registry token duration in minutes.
- deactivate
Dormant BooleanUsers Enable automatic deactivation of dormant users.
- default
Artifacts StringExpire In Set the default expiration time for each job’s artifacts.
- default
Branch StringName Instance-level custom initial branch name (introduced in GitLab 13.2).
- default
Branch NumberProtection Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
- default
Ci StringConfig Path Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
- default
Group StringVisibility What visibility level new groups receive. Can take private, internal and public as a parameter. Default is private.
- default
Project NumberCreation Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
- default
Project StringVisibility What visibility level new projects receive. Can take private, internal and public as a parameter. Default is private.
- default
Projects NumberLimit Project limit per user. Default is 100000.
- default
Snippet StringVisibility What visibility level new snippets receive. Can take private, internal and public as a parameter. Default is private.
- delayed
Group BooleanDeletion Enable delayed group deletion. Default is true. Introduced in GitLab 15.0. From GitLab 15.1, disables and locks the group-level setting for delayed protect deletion when set to false.
- delayed
Project BooleanDeletion Enable delayed project deletion by default in new groups. Default is false. From GitLab 15.1, can only be enabled when delayedgroupdeletion is true.
- delete
Inactive BooleanProjects Enable inactive project deletion feature. Default is false. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion, disabled by default).
- deletion
Adjourned NumberPeriod The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90. Defaults to 7. From GitLab 15.1, a hook on deletionadjournedperiod sets the period to 1 on every update, and sets both delayedprojectdeletion and delayedgroupdeletion to false if the period is 0.
- diff
Max NumberFiles Maximum files in a diff.
- diff
Max NumberLines Maximum lines in a diff.
- diff
Max NumberPatch Bytes Maximum diff patch size, in bytes.
- disable
Feed BooleanToken Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
- disabled
Oauth List<String>Sign In Sources Disabled OAuth sign-in sources.
- dns
Rebinding BooleanProtection Enabled Enforce DNS rebinding attack protection.
- domain
Allowlists List<String> Force people to use only corporate emails for sign-up. Default is null, meaning there is no restriction.
- domain
Denylist BooleanEnabled (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
- domain
Denylists List<String> Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
- dsa
Key NumberRestriction The minimum allowed bit length of an uploaded DSA key. Default is 0 (no restriction). -1 disables DSA keys.
- ecdsa
Key NumberRestriction The minimum allowed curve size (in bits) of an uploaded ECDSA key. Default is 0 (no restriction). -1 disables ECDSA keys.
- ecdsa
Sk NumberKey Restriction The minimum allowed curve size (in bits) of an uploaded ECDSASK key. Default is 0 (no restriction). -1 disables ECDSASK keys.
- ed25519Key
Restriction Number The minimum allowed curve size (in bits) of an uploaded ED25519 key. Default is 0 (no restriction). -1 disables ED25519 keys.
- ed25519Sk
Key NumberRestriction The minimum allowed curve size (in bits) of an uploaded ED25519SK key. Default is 0 (no restriction). -1 disables ED25519SK keys.
- eks
Access StringKey Id AWS IAM access key ID.
- eks
Account StringId Amazon account ID.
- eks
Integration BooleanEnabled Enable integration with Amazon EKS.
- eks
Secret StringAccess Key AWS IAM secret access key.
- elasticsearch
Aws Boolean Enable the use of AWS hosted Elasticsearch.
- elasticsearch
Aws StringAccess Key AWS IAM access key.
- elasticsearch
Aws StringRegion The AWS region the Elasticsearch domain is configured.
- elasticsearch
Aws StringSecret Access Key AWS IAM secret access key.
- elasticsearch
Indexed NumberField Length Limit Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
- elasticsearch
Indexed NumberFile Size Limit Kb Maximum size of repository and wiki files that are indexed by Elasticsearch.
- elasticsearch
Indexing Boolean Enable Elasticsearch indexing.
- elasticsearch
Limit BooleanIndexing Limit Elasticsearch to index certain namespaces and projects.
- elasticsearch
Max NumberBulk Concurrency Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
- elasticsearch
Max NumberBulk Size Mb Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
- elasticsearch
Namespace List<String>Ids The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- elasticsearch
Password String The password of your Elasticsearch instance.
- elasticsearch
Project List<String>Ids The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- elasticsearch
Search Boolean Enable Elasticsearch search.
- elasticsearch
Urls List<String> The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
- elasticsearch
Username String The username of your Elasticsearch instance.
- email
Additional StringText Additional text added to the bottom of every email for legal/auditing/compliance reasons.
- Boolean
Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
- enabled
Git StringAccess Protocol Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
- enforce
Namespace BooleanStorage Limit Enabling this permits enforcement of namespace storage limits.
- enforce
Terms Boolean (If enabled, requires: terms) Enforce application ToS to all users.
- external
Auth StringClient Cert (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
- external
Auth StringClient Key Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
- external
Auth StringClient Key Pass Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
- String
The default classification label to use when requesting authorization and no classification label has been specified on the project.
- Boolean
(If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
- Number
The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
- String
URL to which authorization requests are directed.
- external
Pipeline NumberValidation Service Timeout How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
- external
Pipeline StringValidation Service Token Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
- external
Pipeline StringValidation Service Url URL to use for pipeline validation requests.
- file
Template NumberProject Id The ID of a project to load custom file templates from.
- first
Day NumberOf Week Start day of the week for calendar views and date pickers. Valid values are 0 (default) for Sunday, 1 for Monday, and 6 for Saturday.
- geo
Node StringAllowed Ips Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
- geo
Status NumberTimeout The amount of seconds after which a request to get a secondary node status times out.
- git
Rate List<String>Limit Users Allowlists List of usernames excluded from Git anti-abuse rate limits. Default: [], Maximum: 100 usernames. Introduced in GitLab 15.2.
- git
Two NumberFactor Session Expiry Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
- gitaly
Timeout NumberDefault Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
- gitaly
Timeout NumberFast Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
- gitaly
Timeout NumberMedium Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
- grafana
Enabled Boolean Enable Grafana.
- grafana
Url String Grafana URL.
- gravatar
Enabled Boolean Enable Gravatar.
- hashed
Storage BooleanEnabled Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
- help
Page BooleanHide Commercial Content Hide marketing-related entries from help.
- help
Page StringSupport Url Alternate support URL for help page and help dropdown.
- help
Page StringText Custom text displayed on the help page.
- help
Text String GitLab server administrator information.
- hide
Third BooleanParty Offers Do not display offers from third parties in GitLab.
- home
Page StringUrl Redirect to this URL when not logged in.
- housekeeping
Enabled Boolean (If enabled, requires: housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod) Enable or disable Git housekeeping.
- housekeeping
Full NumberRepack Period Number of Git pushes after which an incremental git repack is run.
- housekeeping
Gc NumberPeriod Number of Git pushes after which git gc is run.
- housekeeping
Incremental NumberRepack Period Number of Git pushes after which an incremental git repack is run.
- html
Emails BooleanEnabled Enable HTML emails.
- import
Sources List<String> Sources to allow project import from, possible values: github, bitbucket, bitbucketserver, gitlab, fogbugz, git, gitlabproject, gitea, manifest, and phabricator.
- in
Product BooleanMarketing Emails Enabled Enable in-product marketing emails. Enabled by default.
- inactive
Projects NumberDelete After Months If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Default is 2. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- inactive
Projects NumberMin Size Mb If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Default is 0. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- inactive
Projects NumberSend Warning Email After Months If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Default is 1. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- invisible
Captcha BooleanEnabled Enable Invisible CAPTCHA spam detection during sign-up. Disabled by default.
- issues
Create NumberLimit Max number of issue creation requests per minute per user. Disabled by default.
- keep
Latest BooleanArtifact Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time. Enabled by default.
- local
Markdown NumberVersion Increase this value when any cached Markdown should be invalidated.
- mailgun
Events BooleanEnabled Enable Mailgun event receiver.
- mailgun
Signing StringKey The Mailgun HTTP webhook signing key for receiving events from webhook.
- maintenance
Mode Boolean When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
- maintenance
Mode StringMessage Message displayed when instance is in maintenance mode.
- max
Artifacts NumberSize Maximum artifacts size in MB.
- max
Attachment NumberSize Limit attachment size in MB.
- max
Export NumberSize Maximum export size in MB. 0 for unlimited. Default = 0 (unlimited).
- max
Import NumberSize Maximum import size in MB. 0 for unlimited. Default = 0 (unlimited) Modified from 50MB to 0 in GitLab 13.8.
- max
Number NumberOf Repository Downloads Maximum number of unique repositories a user can download in the specified time period before they are banned. Default: 0, Maximum: 10,000 repositories. Introduced in GitLab 15.1.
- max
Number NumberOf Repository Downloads Within Time Period Reporting time period (in seconds). Default: 0, Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
- max
Pages NumberSize Maximum size of pages repositories in MB.
- max
Personal NumberAccess Token Lifetime Maximum allowable lifetime for access tokens in days.
- max
Ssh NumberKey Lifetime Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
- metrics
Method NumberCall Threshold A method call is only tracked when it takes longer than the given amount of milliseconds.
- mirror
Available Boolean Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
- mirror
Capacity NumberThreshold Minimum capacity to be available before scheduling more mirrors preemptively.
- mirror
Max NumberCapacity Maximum number of mirrors that can be synchronizing at the same time.
- mirror
Max NumberDelay Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
- npm
Package BooleanRequests Forwarding Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
- outbound
Local List<String>Requests Whitelists Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
- package
Registry NumberCleanup Policies Worker Capacity Number of workers assigned to the packages cleanup policies.
- pages
Domain BooleanVerification Enabled Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
- password
Authentication BooleanEnabled For Git Enable authentication for Git over HTTP(S) via a GitLab account password. Default is true.
- password
Authentication BooleanEnabled For Web Enable authentication for the web interface via a GitLab account password. Default is true.
- password
Lowercase BooleanRequired Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
- password
Number BooleanRequired Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
- password
Symbol BooleanRequired Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
- password
Uppercase BooleanRequired Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
- performance
Bar StringAllowed Group Path Path of the group that is allowed to toggle the performance bar.
- personal
Access StringToken Prefix Prefix for all generated personal access tokens.
- pipeline
Limit NumberPer Project User Sha Maximum number of pipeline creation requests per minute per user and commit. Disabled by default.
- plantuml
Enabled Boolean (If enabled, requires: plantuml_url) Enable PlantUML integration. Default is false.
- plantuml
Url String The PlantUML instance URL for integration.
- polling
Interval NumberMultiplier Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
- project
Export BooleanEnabled Enable project export.
- prometheus
Metrics BooleanEnabled Enable Prometheus metrics.
- protected
Ci BooleanVariables CI/CD variables are protected by default.
- push
Event NumberActivities Limit Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
- push
Event NumberHooks Limit Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
- pypi
Package BooleanRequests Forwarding Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
- rate
Limiting StringResponse Text When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
- raw
Blob NumberRequest Limit Max number of requests per minute for each raw path. Default: 300. To disable throttling set to 0.
- recaptcha
Enabled Boolean (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
- recaptcha
Private StringKey Private key for reCAPTCHA.
- recaptcha
Site StringKey Site key for reCAPTCHA.
- receive
Max NumberInput Size Maximum push size (MB).
- repository
Checks BooleanEnabled GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
- repository
Size NumberLimit Size limit per repository (MB).
- repository
Storages List<String> (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
- repository
Storages Map<Number>Weighted (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
- require
Admin BooleanApproval After User Signup When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
- require
Two BooleanFactor Authentication (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
- restricted
Visibility List<String>Levels Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Default is null which means there is no restriction.
- rsa
Key NumberRestriction The minimum allowed bit length of an uploaded RSA key. Default is 0 (no restriction). -1 disables RSA keys.
- search
Rate NumberLimit Max number of requests per minute for performing a search while authenticated. Default: 30. To disable throttling set to 0.
- search
Rate NumberLimit Unauthenticated Max number of requests per minute for performing a search while unauthenticated. Default: 10. To disable throttling set to 0.
- send
User BooleanConfirmation Email Send confirmation email on sign-up.
- session
Expire NumberDelay Session duration in minutes. GitLab restart is required to apply changes.
- Boolean
(If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
- Number
Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
- String
Shared runners text.
- sidekiq
Job NumberLimiter Compression Threshold Bytes The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis. Default: 100 000 bytes (100KB).
- sidekiq
Job NumberLimiter Limit Bytes The threshold in bytes at which Sidekiq jobs are rejected. Default: 0 bytes (doesn’t reject any job).
- sidekiq
Job StringLimiter Mode track or compress. Sets the behavior for Sidekiq job size limits. Default: ‘compress’.
- sign
In StringText Text on the login page.
- signup
Enabled Boolean Enable registration. Default is true.
- slack
App BooleanEnabled (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
- slack
App StringId The app ID of the Slack-app.
- slack
App StringSecret The app secret of the Slack-app.
- slack
App StringSigning Secret The signing secret of the Slack-app.
- slack
App StringVerification Token The verification token of the Slack-app.
- snippet
Size NumberLimit Max snippet content size in bytes. Default: 52428800 Bytes (50MB).
- snowplow
App StringId The Snowplow site name / application ID. (for example, gitlab)
- snowplow
Collector StringHostname The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
- String
The Snowplow cookie domain. (for example, .gitlab.com)
- snowplow
Enabled Boolean Enable snowplow tracking.
- sourcegraph
Enabled Boolean Enables Sourcegraph integration. Default is false. If enabled, requires sourcegraph_url.
- sourcegraph
Public BooleanOnly Blocks Sourcegraph from being loaded on private and internal projects. Default is true.
- sourcegraph
Url String The Sourcegraph instance URL for integration.
- spam
Check StringApi Key API key used by GitLab for accessing the Spam Check service endpoint.
- spam
Check BooleanEndpoint Enabled Enables spam checking using external Spam Check API endpoint. Default is false.
- spam
Check StringEndpoint Url URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
- suggest
Pipeline BooleanEnabled Enable pipeline suggestion banner.
- terminal
Max NumberSession Time Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
- terms String
(Required by: enforce_terms) Markdown content for the ToS.
- throttle
Authenticated BooleanApi Enabled (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Authenticated NumberApi Period In Seconds Rate limit period (in seconds).
- throttle
Authenticated NumberApi Requests Per Period Maximum requests per period per user.
- throttle
Authenticated BooleanPackages Api Enabled (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- throttle
Authenticated NumberPackages Api Period In Seconds Rate limit period (in seconds). View Package Registry rate limits for more details.
- throttle
Authenticated NumberPackages Api Requests Per Period Maximum requests per period per user. View Package Registry rate limits for more details.
- throttle
Authenticated BooleanWeb Enabled (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Authenticated NumberWeb Period In Seconds Rate limit period (in seconds).
- throttle
Authenticated NumberWeb Requests Per Period Maximum requests per period per user.
- throttle
Unauthenticated BooleanApi Enabled (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Unauthenticated NumberApi Period In Seconds Rate limit period in seconds.
- throttle
Unauthenticated NumberApi Requests Per Period Max requests per period per IP.
- throttle
Unauthenticated BooleanPackages Api Enabled (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- throttle
Unauthenticated NumberPackages Api Period In Seconds Rate limit period (in seconds). View Package Registry rate limits for more details.
- throttle
Unauthenticated NumberPackages Api Requests Per Period Maximum requests per period per user. View Package Registry rate limits for more details.
- throttle
Unauthenticated BooleanWeb Enabled (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Unauthenticated NumberWeb Period In Seconds Rate limit period in seconds.
- throttle
Unauthenticated NumberWeb Requests Per Period Max requests per period per IP.
- time
Tracking BooleanLimit To Hours Limit display of time tracking units to hours. Default is false.
- two
Factor NumberGrace Period Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
- unique
Ips BooleanLimit Enabled (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
- unique
Ips NumberLimit Per User Maximum number of IPs per user.
- unique
Ips NumberLimit Time Window How many seconds an IP is counted towards the limit.
- usage
Ping BooleanEnabled Every week GitLab reports license usage back to GitLab, Inc.
- user
Deactivation BooleanEmails Enabled Send an email to users upon account deactivation.
- user
Default BooleanExternal Newly registered users are external by default.
- user
Default StringInternal Regex Specify an email address regex pattern to identify default internal users.
- user
Oauth BooleanApplications Allow users to register any application to use GitLab as an OAuth provider.
- user
Show BooleanAdd Ssh Key Message When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
- version
Check BooleanEnabled Let GitLab inform you when an update is available.
- web
Ide BooleanClientside Preview Enabled Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
- whats
New StringVariant What’s new variant, possible values: alltiers, currenttier, and disabled.
- wiki
Page NumberMax Content Bytes Maximum wiki page content size in bytes. Default: 52428800 Bytes (50 MB). The minimum value is 1024 bytes.
Outputs
All input properties are implicitly available as output properties. Additionally, the ApplicationSettings resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing ApplicationSettings Resource
Get an existing ApplicationSettings resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ApplicationSettingsState, opts?: CustomResourceOptions): ApplicationSettings@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
abuse_notification_email: Optional[str] = None,
admin_mode: Optional[bool] = None,
after_sign_out_path: Optional[str] = None,
after_sign_up_text: Optional[str] = None,
akismet_api_key: Optional[str] = None,
akismet_enabled: Optional[bool] = None,
allow_group_owners_to_manage_ldap: Optional[bool] = None,
allow_local_requests_from_system_hooks: Optional[bool] = None,
allow_local_requests_from_web_hooks_and_services: Optional[bool] = None,
archive_builds_in_human_readable: Optional[str] = None,
asset_proxy_allowlists: Optional[Sequence[str]] = None,
asset_proxy_enabled: Optional[bool] = None,
asset_proxy_secret_key: Optional[str] = None,
asset_proxy_url: Optional[str] = None,
authorized_keys_enabled: Optional[bool] = None,
auto_devops_domain: Optional[str] = None,
auto_devops_enabled: Optional[bool] = None,
automatic_purchased_storage_allocation: Optional[bool] = None,
check_namespace_plan: Optional[bool] = None,
commit_email_hostname: Optional[str] = None,
container_expiration_policies_enable_historic_entries: Optional[bool] = None,
container_registry_cleanup_tags_service_max_list_size: Optional[int] = None,
container_registry_delete_tags_service_timeout: Optional[int] = None,
container_registry_expiration_policies_caching: Optional[bool] = None,
container_registry_expiration_policies_worker_capacity: Optional[int] = None,
container_registry_token_expire_delay: Optional[int] = None,
deactivate_dormant_users: Optional[bool] = None,
default_artifacts_expire_in: Optional[str] = None,
default_branch_name: Optional[str] = None,
default_branch_protection: Optional[int] = None,
default_ci_config_path: Optional[str] = None,
default_group_visibility: Optional[str] = None,
default_project_creation: Optional[int] = None,
default_project_visibility: Optional[str] = None,
default_projects_limit: Optional[int] = None,
default_snippet_visibility: Optional[str] = None,
delayed_group_deletion: Optional[bool] = None,
delayed_project_deletion: Optional[bool] = None,
delete_inactive_projects: Optional[bool] = None,
deletion_adjourned_period: Optional[int] = None,
diff_max_files: Optional[int] = None,
diff_max_lines: Optional[int] = None,
diff_max_patch_bytes: Optional[int] = None,
disable_feed_token: Optional[bool] = None,
disabled_oauth_sign_in_sources: Optional[Sequence[str]] = None,
dns_rebinding_protection_enabled: Optional[bool] = None,
domain_allowlists: Optional[Sequence[str]] = None,
domain_denylist_enabled: Optional[bool] = None,
domain_denylists: Optional[Sequence[str]] = None,
dsa_key_restriction: Optional[int] = None,
ecdsa_key_restriction: Optional[int] = None,
ecdsa_sk_key_restriction: Optional[int] = None,
ed25519_key_restriction: Optional[int] = None,
ed25519_sk_key_restriction: Optional[int] = None,
eks_access_key_id: Optional[str] = None,
eks_account_id: Optional[str] = None,
eks_integration_enabled: Optional[bool] = None,
eks_secret_access_key: Optional[str] = None,
elasticsearch_aws: Optional[bool] = None,
elasticsearch_aws_access_key: Optional[str] = None,
elasticsearch_aws_region: Optional[str] = None,
elasticsearch_aws_secret_access_key: Optional[str] = None,
elasticsearch_indexed_field_length_limit: Optional[int] = None,
elasticsearch_indexed_file_size_limit_kb: Optional[int] = None,
elasticsearch_indexing: Optional[bool] = None,
elasticsearch_limit_indexing: Optional[bool] = None,
elasticsearch_max_bulk_concurrency: Optional[int] = None,
elasticsearch_max_bulk_size_mb: Optional[int] = None,
elasticsearch_namespace_ids: Optional[Sequence[str]] = None,
elasticsearch_password: Optional[str] = None,
elasticsearch_project_ids: Optional[Sequence[str]] = None,
elasticsearch_search: Optional[bool] = None,
elasticsearch_urls: Optional[Sequence[str]] = None,
elasticsearch_username: Optional[str] = None,
email_additional_text: Optional[str] = None,
email_author_in_body: Optional[bool] = None,
enabled_git_access_protocol: Optional[str] = None,
enforce_namespace_storage_limit: Optional[bool] = None,
enforce_terms: Optional[bool] = None,
external_auth_client_cert: Optional[str] = None,
external_auth_client_key: Optional[str] = None,
external_auth_client_key_pass: Optional[str] = None,
external_authorization_service_default_label: Optional[str] = None,
external_authorization_service_enabled: Optional[bool] = None,
external_authorization_service_timeout: Optional[float] = None,
external_authorization_service_url: Optional[str] = None,
external_pipeline_validation_service_timeout: Optional[int] = None,
external_pipeline_validation_service_token: Optional[str] = None,
external_pipeline_validation_service_url: Optional[str] = None,
file_template_project_id: Optional[int] = None,
first_day_of_week: Optional[int] = None,
geo_node_allowed_ips: Optional[str] = None,
geo_status_timeout: Optional[int] = None,
git_rate_limit_users_allowlists: Optional[Sequence[str]] = None,
git_two_factor_session_expiry: Optional[int] = None,
gitaly_timeout_default: Optional[int] = None,
gitaly_timeout_fast: Optional[int] = None,
gitaly_timeout_medium: Optional[int] = None,
grafana_enabled: Optional[bool] = None,
grafana_url: Optional[str] = None,
gravatar_enabled: Optional[bool] = None,
hashed_storage_enabled: Optional[bool] = None,
help_page_hide_commercial_content: Optional[bool] = None,
help_page_support_url: Optional[str] = None,
help_page_text: Optional[str] = None,
help_text: Optional[str] = None,
hide_third_party_offers: Optional[bool] = None,
home_page_url: Optional[str] = None,
housekeeping_enabled: Optional[bool] = None,
housekeeping_full_repack_period: Optional[int] = None,
housekeeping_gc_period: Optional[int] = None,
housekeeping_incremental_repack_period: Optional[int] = None,
html_emails_enabled: Optional[bool] = None,
import_sources: Optional[Sequence[str]] = None,
in_product_marketing_emails_enabled: Optional[bool] = None,
inactive_projects_delete_after_months: Optional[int] = None,
inactive_projects_min_size_mb: Optional[int] = None,
inactive_projects_send_warning_email_after_months: Optional[int] = None,
invisible_captcha_enabled: Optional[bool] = None,
issues_create_limit: Optional[int] = None,
keep_latest_artifact: Optional[bool] = None,
local_markdown_version: Optional[int] = None,
mailgun_events_enabled: Optional[bool] = None,
mailgun_signing_key: Optional[str] = None,
maintenance_mode: Optional[bool] = None,
maintenance_mode_message: Optional[str] = None,
max_artifacts_size: Optional[int] = None,
max_attachment_size: Optional[int] = None,
max_export_size: Optional[int] = None,
max_import_size: Optional[int] = None,
max_number_of_repository_downloads: Optional[int] = None,
max_number_of_repository_downloads_within_time_period: Optional[int] = None,
max_pages_size: Optional[int] = None,
max_personal_access_token_lifetime: Optional[int] = None,
max_ssh_key_lifetime: Optional[int] = None,
metrics_method_call_threshold: Optional[int] = None,
mirror_available: Optional[bool] = None,
mirror_capacity_threshold: Optional[int] = None,
mirror_max_capacity: Optional[int] = None,
mirror_max_delay: Optional[int] = None,
npm_package_requests_forwarding: Optional[bool] = None,
outbound_local_requests_whitelists: Optional[Sequence[str]] = None,
package_registry_cleanup_policies_worker_capacity: Optional[int] = None,
pages_domain_verification_enabled: Optional[bool] = None,
password_authentication_enabled_for_git: Optional[bool] = None,
password_authentication_enabled_for_web: Optional[bool] = None,
password_lowercase_required: Optional[bool] = None,
password_number_required: Optional[bool] = None,
password_symbol_required: Optional[bool] = None,
password_uppercase_required: Optional[bool] = None,
performance_bar_allowed_group_path: Optional[str] = None,
personal_access_token_prefix: Optional[str] = None,
pipeline_limit_per_project_user_sha: Optional[int] = None,
plantuml_enabled: Optional[bool] = None,
plantuml_url: Optional[str] = None,
polling_interval_multiplier: Optional[float] = None,
project_export_enabled: Optional[bool] = None,
prometheus_metrics_enabled: Optional[bool] = None,
protected_ci_variables: Optional[bool] = None,
push_event_activities_limit: Optional[int] = None,
push_event_hooks_limit: Optional[int] = None,
pypi_package_requests_forwarding: Optional[bool] = None,
rate_limiting_response_text: Optional[str] = None,
raw_blob_request_limit: Optional[int] = None,
recaptcha_enabled: Optional[bool] = None,
recaptcha_private_key: Optional[str] = None,
recaptcha_site_key: Optional[str] = None,
receive_max_input_size: Optional[int] = None,
repository_checks_enabled: Optional[bool] = None,
repository_size_limit: Optional[int] = None,
repository_storages: Optional[Sequence[str]] = None,
repository_storages_weighted: Optional[Mapping[str, int]] = None,
require_admin_approval_after_user_signup: Optional[bool] = None,
require_two_factor_authentication: Optional[bool] = None,
restricted_visibility_levels: Optional[Sequence[str]] = None,
rsa_key_restriction: Optional[int] = None,
search_rate_limit: Optional[int] = None,
search_rate_limit_unauthenticated: Optional[int] = None,
send_user_confirmation_email: Optional[bool] = None,
session_expire_delay: Optional[int] = None,
shared_runners_enabled: Optional[bool] = None,
shared_runners_minutes: Optional[int] = None,
shared_runners_text: Optional[str] = None,
sidekiq_job_limiter_compression_threshold_bytes: Optional[int] = None,
sidekiq_job_limiter_limit_bytes: Optional[int] = None,
sidekiq_job_limiter_mode: Optional[str] = None,
sign_in_text: Optional[str] = None,
signup_enabled: Optional[bool] = None,
slack_app_enabled: Optional[bool] = None,
slack_app_id: Optional[str] = None,
slack_app_secret: Optional[str] = None,
slack_app_signing_secret: Optional[str] = None,
slack_app_verification_token: Optional[str] = None,
snippet_size_limit: Optional[int] = None,
snowplow_app_id: Optional[str] = None,
snowplow_collector_hostname: Optional[str] = None,
snowplow_cookie_domain: Optional[str] = None,
snowplow_enabled: Optional[bool] = None,
sourcegraph_enabled: Optional[bool] = None,
sourcegraph_public_only: Optional[bool] = None,
sourcegraph_url: Optional[str] = None,
spam_check_api_key: Optional[str] = None,
spam_check_endpoint_enabled: Optional[bool] = None,
spam_check_endpoint_url: Optional[str] = None,
suggest_pipeline_enabled: Optional[bool] = None,
terminal_max_session_time: Optional[int] = None,
terms: Optional[str] = None,
throttle_authenticated_api_enabled: Optional[bool] = None,
throttle_authenticated_api_period_in_seconds: Optional[int] = None,
throttle_authenticated_api_requests_per_period: Optional[int] = None,
throttle_authenticated_packages_api_enabled: Optional[bool] = None,
throttle_authenticated_packages_api_period_in_seconds: Optional[int] = None,
throttle_authenticated_packages_api_requests_per_period: Optional[int] = None,
throttle_authenticated_web_enabled: Optional[bool] = None,
throttle_authenticated_web_period_in_seconds: Optional[int] = None,
throttle_authenticated_web_requests_per_period: Optional[int] = None,
throttle_unauthenticated_api_enabled: Optional[bool] = None,
throttle_unauthenticated_api_period_in_seconds: Optional[int] = None,
throttle_unauthenticated_api_requests_per_period: Optional[int] = None,
throttle_unauthenticated_packages_api_enabled: Optional[bool] = None,
throttle_unauthenticated_packages_api_period_in_seconds: Optional[int] = None,
throttle_unauthenticated_packages_api_requests_per_period: Optional[int] = None,
throttle_unauthenticated_web_enabled: Optional[bool] = None,
throttle_unauthenticated_web_period_in_seconds: Optional[int] = None,
throttle_unauthenticated_web_requests_per_period: Optional[int] = None,
time_tracking_limit_to_hours: Optional[bool] = None,
two_factor_grace_period: Optional[int] = None,
unique_ips_limit_enabled: Optional[bool] = None,
unique_ips_limit_per_user: Optional[int] = None,
unique_ips_limit_time_window: Optional[int] = None,
usage_ping_enabled: Optional[bool] = None,
user_deactivation_emails_enabled: Optional[bool] = None,
user_default_external: Optional[bool] = None,
user_default_internal_regex: Optional[str] = None,
user_oauth_applications: Optional[bool] = None,
user_show_add_ssh_key_message: Optional[bool] = None,
version_check_enabled: Optional[bool] = None,
web_ide_clientside_preview_enabled: Optional[bool] = None,
whats_new_variant: Optional[str] = None,
wiki_page_max_content_bytes: Optional[int] = None) -> ApplicationSettingsfunc GetApplicationSettings(ctx *Context, name string, id IDInput, state *ApplicationSettingsState, opts ...ResourceOption) (*ApplicationSettings, error)public static ApplicationSettings Get(string name, Input<string> id, ApplicationSettingsState? state, CustomResourceOptions? opts = null)public static ApplicationSettings get(String name, Output<String> id, ApplicationSettingsState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Abuse
Notification stringEmail If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
- Admin
Mode bool Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
- After
Sign stringOut Path Where to redirect users after logout.
- After
Sign stringUp Text Text shown to the user after signing up.
- string
API key for Akismet spam protection.
- bool
(If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
- Allow
Group boolOwners To Manage Ldap Set to true to allow group owners to manage LDAP.
- Allow
Local boolRequests From System Hooks Allow requests to the local network from system hooks.
- Allow
Local boolRequests From Web Hooks And Services Allow requests to the local network from web hooks and services.
- Archive
Builds stringIn Human Readable Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
- Asset
Proxy List<string>Allowlists Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
- Asset
Proxy boolEnabled (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
- Asset
Proxy stringSecret Key Shared secret with the asset proxy server. GitLab restart is required to apply changes.
- Asset
Proxy stringUrl URL of the asset proxy server. GitLab restart is required to apply changes.
- bool
By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
- Auto
Devops stringDomain Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
- Auto
Devops boolEnabled Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
- Automatic
Purchased boolStorage Allocation Enabling this permits automatic allocation of purchased storage in a namespace.
- Check
Namespace boolPlan Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
- Commit
Email stringHostname Custom hostname (for private commit emails).
- Container
Expiration boolPolicies Enable Historic Entries Enable cleanup policies for all projects.
- int
The maximum number of tags that can be deleted in a single execution of cleanup policies.
- int
The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
- Container
Registry boolExpiration Policies Caching Caching during the execution of cleanup policies.
- Container
Registry intExpiration Policies Worker Capacity Number of workers for cleanup policies.
- Container
Registry intToken Expire Delay Container Registry token duration in minutes.
- Deactivate
Dormant boolUsers Enable automatic deactivation of dormant users.
- Default
Artifacts stringExpire In Set the default expiration time for each job’s artifacts.
- Default
Branch stringName Instance-level custom initial branch name (introduced in GitLab 13.2).
- Default
Branch intProtection Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
- Default
Ci stringConfig Path Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
- Default
Group stringVisibility What visibility level new groups receive. Can take private, internal and public as a parameter. Default is private.
- Default
Project intCreation Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
- Default
Project stringVisibility What visibility level new projects receive. Can take private, internal and public as a parameter. Default is private.
- Default
Projects intLimit Project limit per user. Default is 100000.
- Default
Snippet stringVisibility What visibility level new snippets receive. Can take private, internal and public as a parameter. Default is private.
- Delayed
Group boolDeletion Enable delayed group deletion. Default is true. Introduced in GitLab 15.0. From GitLab 15.1, disables and locks the group-level setting for delayed protect deletion when set to false.
- Delayed
Project boolDeletion Enable delayed project deletion by default in new groups. Default is false. From GitLab 15.1, can only be enabled when delayedgroupdeletion is true.
- Delete
Inactive boolProjects Enable inactive project deletion feature. Default is false. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion, disabled by default).
- Deletion
Adjourned intPeriod The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90. Defaults to 7. From GitLab 15.1, a hook on deletionadjournedperiod sets the period to 1 on every update, and sets both delayedprojectdeletion and delayedgroupdeletion to false if the period is 0.
- Diff
Max intFiles Maximum files in a diff.
- Diff
Max intLines Maximum lines in a diff.
- Diff
Max intPatch Bytes Maximum diff patch size, in bytes.
- Disable
Feed boolToken Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
- Disabled
Oauth List<string>Sign In Sources Disabled OAuth sign-in sources.
- Dns
Rebinding boolProtection Enabled Enforce DNS rebinding attack protection.
- Domain
Allowlists List<string> Force people to use only corporate emails for sign-up. Default is null, meaning there is no restriction.
- Domain
Denylist boolEnabled (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
- Domain
Denylists List<string> Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
- Dsa
Key intRestriction The minimum allowed bit length of an uploaded DSA key. Default is 0 (no restriction). -1 disables DSA keys.
- Ecdsa
Key intRestriction The minimum allowed curve size (in bits) of an uploaded ECDSA key. Default is 0 (no restriction). -1 disables ECDSA keys.
- Ecdsa
Sk intKey Restriction The minimum allowed curve size (in bits) of an uploaded ECDSASK key. Default is 0 (no restriction). -1 disables ECDSASK keys.
- Ed25519Key
Restriction int The minimum allowed curve size (in bits) of an uploaded ED25519 key. Default is 0 (no restriction). -1 disables ED25519 keys.
- Ed25519Sk
Key intRestriction The minimum allowed curve size (in bits) of an uploaded ED25519SK key. Default is 0 (no restriction). -1 disables ED25519SK keys.
- Eks
Access stringKey Id AWS IAM access key ID.
- Eks
Account stringId Amazon account ID.
- Eks
Integration boolEnabled Enable integration with Amazon EKS.
- Eks
Secret stringAccess Key AWS IAM secret access key.
- Elasticsearch
Aws bool Enable the use of AWS hosted Elasticsearch.
- Elasticsearch
Aws stringAccess Key AWS IAM access key.
- Elasticsearch
Aws stringRegion The AWS region the Elasticsearch domain is configured.
- Elasticsearch
Aws stringSecret Access Key AWS IAM secret access key.
- Elasticsearch
Indexed intField Length Limit Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
- Elasticsearch
Indexed intFile Size Limit Kb Maximum size of repository and wiki files that are indexed by Elasticsearch.
- Elasticsearch
Indexing bool Enable Elasticsearch indexing.
- Elasticsearch
Limit boolIndexing Limit Elasticsearch to index certain namespaces and projects.
- Elasticsearch
Max intBulk Concurrency Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
- Elasticsearch
Max intBulk Size Mb Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
- Elasticsearch
Namespace List<string>Ids The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- Elasticsearch
Password string The password of your Elasticsearch instance.
- Elasticsearch
Project List<string>Ids The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- Elasticsearch
Search bool Enable Elasticsearch search.
- Elasticsearch
Urls List<string> The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
- Elasticsearch
Username string The username of your Elasticsearch instance.
- Email
Additional stringText Additional text added to the bottom of every email for legal/auditing/compliance reasons.
- bool
Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
- Enabled
Git stringAccess Protocol Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
- Enforce
Namespace boolStorage Limit Enabling this permits enforcement of namespace storage limits.
- Enforce
Terms bool (If enabled, requires: terms) Enforce application ToS to all users.
- External
Auth stringClient Cert (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
- External
Auth stringClient Key Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
- External
Auth stringClient Key Pass Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
- string
The default classification label to use when requesting authorization and no classification label has been specified on the project.
- bool
(If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
- double
The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
- string
URL to which authorization requests are directed.
- External
Pipeline intValidation Service Timeout How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
- External
Pipeline stringValidation Service Token Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
- External
Pipeline stringValidation Service Url URL to use for pipeline validation requests.
- File
Template intProject Id The ID of a project to load custom file templates from.
- First
Day intOf Week Start day of the week for calendar views and date pickers. Valid values are 0 (default) for Sunday, 1 for Monday, and 6 for Saturday.
- Geo
Node stringAllowed Ips Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
- Geo
Status intTimeout The amount of seconds after which a request to get a secondary node status times out.
- Git
Rate List<string>Limit Users Allowlists List of usernames excluded from Git anti-abuse rate limits. Default: [], Maximum: 100 usernames. Introduced in GitLab 15.2.
- Git
Two intFactor Session Expiry Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
- Gitaly
Timeout intDefault Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
- Gitaly
Timeout intFast Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
- Gitaly
Timeout intMedium Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
- Grafana
Enabled bool Enable Grafana.
- Grafana
Url string Grafana URL.
- Gravatar
Enabled bool Enable Gravatar.
- Hashed
Storage boolEnabled Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
- Help
Page boolHide Commercial Content Hide marketing-related entries from help.
- Help
Page stringSupport Url Alternate support URL for help page and help dropdown.
- Help
Page stringText Custom text displayed on the help page.
- Help
Text string GitLab server administrator information.
- Hide
Third boolParty Offers Do not display offers from third parties in GitLab.
- Home
Page stringUrl Redirect to this URL when not logged in.
- Housekeeping
Enabled bool (If enabled, requires: housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod) Enable or disable Git housekeeping.
- Housekeeping
Full intRepack Period Number of Git pushes after which an incremental git repack is run.
- Housekeeping
Gc intPeriod Number of Git pushes after which git gc is run.
- Housekeeping
Incremental intRepack Period Number of Git pushes after which an incremental git repack is run.
- Html
Emails boolEnabled Enable HTML emails.
- Import
Sources List<string> Sources to allow project import from, possible values: github, bitbucket, bitbucketserver, gitlab, fogbugz, git, gitlabproject, gitea, manifest, and phabricator.
- In
Product boolMarketing Emails Enabled Enable in-product marketing emails. Enabled by default.
- Inactive
Projects intDelete After Months If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Default is 2. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- Inactive
Projects intMin Size Mb If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Default is 0. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- Inactive
Projects intSend Warning Email After Months If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Default is 1. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- Invisible
Captcha boolEnabled Enable Invisible CAPTCHA spam detection during sign-up. Disabled by default.
- Issues
Create intLimit Max number of issue creation requests per minute per user. Disabled by default.
- Keep
Latest boolArtifact Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time. Enabled by default.
- Local
Markdown intVersion Increase this value when any cached Markdown should be invalidated.
- Mailgun
Events boolEnabled Enable Mailgun event receiver.
- Mailgun
Signing stringKey The Mailgun HTTP webhook signing key for receiving events from webhook.
- Maintenance
Mode bool When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
- Maintenance
Mode stringMessage Message displayed when instance is in maintenance mode.
- Max
Artifacts intSize Maximum artifacts size in MB.
- Max
Attachment intSize Limit attachment size in MB.
- Max
Export intSize Maximum export size in MB. 0 for unlimited. Default = 0 (unlimited).
- Max
Import intSize Maximum import size in MB. 0 for unlimited. Default = 0 (unlimited) Modified from 50MB to 0 in GitLab 13.8.
- Max
Number intOf Repository Downloads Maximum number of unique repositories a user can download in the specified time period before they are banned. Default: 0, Maximum: 10,000 repositories. Introduced in GitLab 15.1.
- Max
Number intOf Repository Downloads Within Time Period Reporting time period (in seconds). Default: 0, Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
- Max
Pages intSize Maximum size of pages repositories in MB.
- Max
Personal intAccess Token Lifetime Maximum allowable lifetime for access tokens in days.
- Max
Ssh intKey Lifetime Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
- Metrics
Method intCall Threshold A method call is only tracked when it takes longer than the given amount of milliseconds.
- Mirror
Available bool Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
- Mirror
Capacity intThreshold Minimum capacity to be available before scheduling more mirrors preemptively.
- Mirror
Max intCapacity Maximum number of mirrors that can be synchronizing at the same time.
- Mirror
Max intDelay Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
- Npm
Package boolRequests Forwarding Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
- Outbound
Local List<string>Requests Whitelists Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
- Package
Registry intCleanup Policies Worker Capacity Number of workers assigned to the packages cleanup policies.
- Pages
Domain boolVerification Enabled Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
- Password
Authentication boolEnabled For Git Enable authentication for Git over HTTP(S) via a GitLab account password. Default is true.
- Password
Authentication boolEnabled For Web Enable authentication for the web interface via a GitLab account password. Default is true.
- Password
Lowercase boolRequired Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
- Password
Number boolRequired Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
- Password
Symbol boolRequired Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
- Password
Uppercase boolRequired Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
- Performance
Bar stringAllowed Group Path Path of the group that is allowed to toggle the performance bar.
- Personal
Access stringToken Prefix Prefix for all generated personal access tokens.
- Pipeline
Limit intPer Project User Sha Maximum number of pipeline creation requests per minute per user and commit. Disabled by default.
- Plantuml
Enabled bool (If enabled, requires: plantuml_url) Enable PlantUML integration. Default is false.
- Plantuml
Url string The PlantUML instance URL for integration.
- Polling
Interval doubleMultiplier Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
- Project
Export boolEnabled Enable project export.
- Prometheus
Metrics boolEnabled Enable Prometheus metrics.
- Protected
Ci boolVariables CI/CD variables are protected by default.
- Push
Event intActivities Limit Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
- Push
Event intHooks Limit Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
- Pypi
Package boolRequests Forwarding Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
- Rate
Limiting stringResponse Text When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
- Raw
Blob intRequest Limit Max number of requests per minute for each raw path. Default: 300. To disable throttling set to 0.
- Recaptcha
Enabled bool (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
- Recaptcha
Private stringKey Private key for reCAPTCHA.
- Recaptcha
Site stringKey Site key for reCAPTCHA.
- Receive
Max intInput Size Maximum push size (MB).
- Repository
Checks boolEnabled GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
- Repository
Size intLimit Size limit per repository (MB).
- Repository
Storages List<string> (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
- Repository
Storages Dictionary<string, int>Weighted (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
- Require
Admin boolApproval After User Signup When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
- Require
Two boolFactor Authentication (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
- Restricted
Visibility List<string>Levels Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Default is null which means there is no restriction.
- Rsa
Key intRestriction The minimum allowed bit length of an uploaded RSA key. Default is 0 (no restriction). -1 disables RSA keys.
- Search
Rate intLimit Max number of requests per minute for performing a search while authenticated. Default: 30. To disable throttling set to 0.
- Search
Rate intLimit Unauthenticated Max number of requests per minute for performing a search while unauthenticated. Default: 10. To disable throttling set to 0.
- Send
User boolConfirmation Email Send confirmation email on sign-up.
- Session
Expire intDelay Session duration in minutes. GitLab restart is required to apply changes.
- bool
(If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
- int
Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
- string
Shared runners text.
- Sidekiq
Job intLimiter Compression Threshold Bytes The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis. Default: 100 000 bytes (100KB).
- Sidekiq
Job intLimiter Limit Bytes The threshold in bytes at which Sidekiq jobs are rejected. Default: 0 bytes (doesn’t reject any job).
- Sidekiq
Job stringLimiter Mode track or compress. Sets the behavior for Sidekiq job size limits. Default: ‘compress’.
- Sign
In stringText Text on the login page.
- Signup
Enabled bool Enable registration. Default is true.
- Slack
App boolEnabled (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
- Slack
App stringId The app ID of the Slack-app.
- Slack
App stringSecret The app secret of the Slack-app.
- Slack
App stringSigning Secret The signing secret of the Slack-app.
- Slack
App stringVerification Token The verification token of the Slack-app.
- Snippet
Size intLimit Max snippet content size in bytes. Default: 52428800 Bytes (50MB).
- Snowplow
App stringId The Snowplow site name / application ID. (for example, gitlab)
- Snowplow
Collector stringHostname The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
- string
The Snowplow cookie domain. (for example, .gitlab.com)
- Snowplow
Enabled bool Enable snowplow tracking.
- Sourcegraph
Enabled bool Enables Sourcegraph integration. Default is false. If enabled, requires sourcegraph_url.
- Sourcegraph
Public boolOnly Blocks Sourcegraph from being loaded on private and internal projects. Default is true.
- Sourcegraph
Url string The Sourcegraph instance URL for integration.
- Spam
Check stringApi Key API key used by GitLab for accessing the Spam Check service endpoint.
- Spam
Check boolEndpoint Enabled Enables spam checking using external Spam Check API endpoint. Default is false.
- Spam
Check stringEndpoint Url URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
- Suggest
Pipeline boolEnabled Enable pipeline suggestion banner.
- Terminal
Max intSession Time Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
- Terms string
(Required by: enforce_terms) Markdown content for the ToS.
- Throttle
Authenticated boolApi Enabled (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Authenticated intApi Period In Seconds Rate limit period (in seconds).
- Throttle
Authenticated intApi Requests Per Period Maximum requests per period per user.
- Throttle
Authenticated boolPackages Api Enabled (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- Throttle
Authenticated intPackages Api Period In Seconds Rate limit period (in seconds). View Package Registry rate limits for more details.
- Throttle
Authenticated intPackages Api Requests Per Period Maximum requests per period per user. View Package Registry rate limits for more details.
- Throttle
Authenticated boolWeb Enabled (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Authenticated intWeb Period In Seconds Rate limit period (in seconds).
- Throttle
Authenticated intWeb Requests Per Period Maximum requests per period per user.
- Throttle
Unauthenticated boolApi Enabled (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Unauthenticated intApi Period In Seconds Rate limit period in seconds.
- Throttle
Unauthenticated intApi Requests Per Period Max requests per period per IP.
- Throttle
Unauthenticated boolPackages Api Enabled (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- Throttle
Unauthenticated intPackages Api Period In Seconds Rate limit period (in seconds). View Package Registry rate limits for more details.
- Throttle
Unauthenticated intPackages Api Requests Per Period Maximum requests per period per user. View Package Registry rate limits for more details.
- Throttle
Unauthenticated boolWeb Enabled (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Unauthenticated intWeb Period In Seconds Rate limit period in seconds.
- Throttle
Unauthenticated intWeb Requests Per Period Max requests per period per IP.
- Time
Tracking boolLimit To Hours Limit display of time tracking units to hours. Default is false.
- Two
Factor intGrace Period Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
- Unique
Ips boolLimit Enabled (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
- Unique
Ips intLimit Per User Maximum number of IPs per user.
- Unique
Ips intLimit Time Window How many seconds an IP is counted towards the limit.
- Usage
Ping boolEnabled Every week GitLab reports license usage back to GitLab, Inc.
- User
Deactivation boolEmails Enabled Send an email to users upon account deactivation.
- User
Default boolExternal Newly registered users are external by default.
- User
Default stringInternal Regex Specify an email address regex pattern to identify default internal users.
- User
Oauth boolApplications Allow users to register any application to use GitLab as an OAuth provider.
- User
Show boolAdd Ssh Key Message When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
- Version
Check boolEnabled Let GitLab inform you when an update is available.
- Web
Ide boolClientside Preview Enabled Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
- Whats
New stringVariant What’s new variant, possible values: alltiers, currenttier, and disabled.
- Wiki
Page intMax Content Bytes Maximum wiki page content size in bytes. Default: 52428800 Bytes (50 MB). The minimum value is 1024 bytes.
- Abuse
Notification stringEmail If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
- Admin
Mode bool Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
- After
Sign stringOut Path Where to redirect users after logout.
- After
Sign stringUp Text Text shown to the user after signing up.
- string
API key for Akismet spam protection.
- bool
(If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
- Allow
Group boolOwners To Manage Ldap Set to true to allow group owners to manage LDAP.
- Allow
Local boolRequests From System Hooks Allow requests to the local network from system hooks.
- Allow
Local boolRequests From Web Hooks And Services Allow requests to the local network from web hooks and services.
- Archive
Builds stringIn Human Readable Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
- Asset
Proxy []stringAllowlists Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
- Asset
Proxy boolEnabled (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
- Asset
Proxy stringSecret Key Shared secret with the asset proxy server. GitLab restart is required to apply changes.
- Asset
Proxy stringUrl URL of the asset proxy server. GitLab restart is required to apply changes.
- bool
By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
- Auto
Devops stringDomain Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
- Auto
Devops boolEnabled Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
- Automatic
Purchased boolStorage Allocation Enabling this permits automatic allocation of purchased storage in a namespace.
- Check
Namespace boolPlan Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
- Commit
Email stringHostname Custom hostname (for private commit emails).
- Container
Expiration boolPolicies Enable Historic Entries Enable cleanup policies for all projects.
- int
The maximum number of tags that can be deleted in a single execution of cleanup policies.
- int
The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
- Container
Registry boolExpiration Policies Caching Caching during the execution of cleanup policies.
- Container
Registry intExpiration Policies Worker Capacity Number of workers for cleanup policies.
- Container
Registry intToken Expire Delay Container Registry token duration in minutes.
- Deactivate
Dormant boolUsers Enable automatic deactivation of dormant users.
- Default
Artifacts stringExpire In Set the default expiration time for each job’s artifacts.
- Default
Branch stringName Instance-level custom initial branch name (introduced in GitLab 13.2).
- Default
Branch intProtection Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
- Default
Ci stringConfig Path Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
- Default
Group stringVisibility What visibility level new groups receive. Can take private, internal and public as a parameter. Default is private.
- Default
Project intCreation Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
- Default
Project stringVisibility What visibility level new projects receive. Can take private, internal and public as a parameter. Default is private.
- Default
Projects intLimit Project limit per user. Default is 100000.
- Default
Snippet stringVisibility What visibility level new snippets receive. Can take private, internal and public as a parameter. Default is private.
- Delayed
Group boolDeletion Enable delayed group deletion. Default is true. Introduced in GitLab 15.0. From GitLab 15.1, disables and locks the group-level setting for delayed protect deletion when set to false.
- Delayed
Project boolDeletion Enable delayed project deletion by default in new groups. Default is false. From GitLab 15.1, can only be enabled when delayedgroupdeletion is true.
- Delete
Inactive boolProjects Enable inactive project deletion feature. Default is false. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion, disabled by default).
- Deletion
Adjourned intPeriod The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90. Defaults to 7. From GitLab 15.1, a hook on deletionadjournedperiod sets the period to 1 on every update, and sets both delayedprojectdeletion and delayedgroupdeletion to false if the period is 0.
- Diff
Max intFiles Maximum files in a diff.
- Diff
Max intLines Maximum lines in a diff.
- Diff
Max intPatch Bytes Maximum diff patch size, in bytes.
- Disable
Feed boolToken Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
- Disabled
Oauth []stringSign In Sources Disabled OAuth sign-in sources.
- Dns
Rebinding boolProtection Enabled Enforce DNS rebinding attack protection.
- Domain
Allowlists []string Force people to use only corporate emails for sign-up. Default is null, meaning there is no restriction.
- Domain
Denylist boolEnabled (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
- Domain
Denylists []string Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
- Dsa
Key intRestriction The minimum allowed bit length of an uploaded DSA key. Default is 0 (no restriction). -1 disables DSA keys.
- Ecdsa
Key intRestriction The minimum allowed curve size (in bits) of an uploaded ECDSA key. Default is 0 (no restriction). -1 disables ECDSA keys.
- Ecdsa
Sk intKey Restriction The minimum allowed curve size (in bits) of an uploaded ECDSASK key. Default is 0 (no restriction). -1 disables ECDSASK keys.
- Ed25519Key
Restriction int The minimum allowed curve size (in bits) of an uploaded ED25519 key. Default is 0 (no restriction). -1 disables ED25519 keys.
- Ed25519Sk
Key intRestriction The minimum allowed curve size (in bits) of an uploaded ED25519SK key. Default is 0 (no restriction). -1 disables ED25519SK keys.
- Eks
Access stringKey Id AWS IAM access key ID.
- Eks
Account stringId Amazon account ID.
- Eks
Integration boolEnabled Enable integration with Amazon EKS.
- Eks
Secret stringAccess Key AWS IAM secret access key.
- Elasticsearch
Aws bool Enable the use of AWS hosted Elasticsearch.
- Elasticsearch
Aws stringAccess Key AWS IAM access key.
- Elasticsearch
Aws stringRegion The AWS region the Elasticsearch domain is configured.
- Elasticsearch
Aws stringSecret Access Key AWS IAM secret access key.
- Elasticsearch
Indexed intField Length Limit Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
- Elasticsearch
Indexed intFile Size Limit Kb Maximum size of repository and wiki files that are indexed by Elasticsearch.
- Elasticsearch
Indexing bool Enable Elasticsearch indexing.
- Elasticsearch
Limit boolIndexing Limit Elasticsearch to index certain namespaces and projects.
- Elasticsearch
Max intBulk Concurrency Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
- Elasticsearch
Max intBulk Size Mb Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
- Elasticsearch
Namespace []stringIds The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- Elasticsearch
Password string The password of your Elasticsearch instance.
- Elasticsearch
Project []stringIds The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- Elasticsearch
Search bool Enable Elasticsearch search.
- Elasticsearch
Urls []string The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
- Elasticsearch
Username string The username of your Elasticsearch instance.
- Email
Additional stringText Additional text added to the bottom of every email for legal/auditing/compliance reasons.
- bool
Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
- Enabled
Git stringAccess Protocol Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
- Enforce
Namespace boolStorage Limit Enabling this permits enforcement of namespace storage limits.
- Enforce
Terms bool (If enabled, requires: terms) Enforce application ToS to all users.
- External
Auth stringClient Cert (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
- External
Auth stringClient Key Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
- External
Auth stringClient Key Pass Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
- string
The default classification label to use when requesting authorization and no classification label has been specified on the project.
- bool
(If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
- float64
The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
- string
URL to which authorization requests are directed.
- External
Pipeline intValidation Service Timeout How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
- External
Pipeline stringValidation Service Token Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
- External
Pipeline stringValidation Service Url URL to use for pipeline validation requests.
- File
Template intProject Id The ID of a project to load custom file templates from.
- First
Day intOf Week Start day of the week for calendar views and date pickers. Valid values are 0 (default) for Sunday, 1 for Monday, and 6 for Saturday.
- Geo
Node stringAllowed Ips Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
- Geo
Status intTimeout The amount of seconds after which a request to get a secondary node status times out.
- Git
Rate []stringLimit Users Allowlists List of usernames excluded from Git anti-abuse rate limits. Default: [], Maximum: 100 usernames. Introduced in GitLab 15.2.
- Git
Two intFactor Session Expiry Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
- Gitaly
Timeout intDefault Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
- Gitaly
Timeout intFast Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
- Gitaly
Timeout intMedium Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
- Grafana
Enabled bool Enable Grafana.
- Grafana
Url string Grafana URL.
- Gravatar
Enabled bool Enable Gravatar.
- Hashed
Storage boolEnabled Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
- Help
Page boolHide Commercial Content Hide marketing-related entries from help.
- Help
Page stringSupport Url Alternate support URL for help page and help dropdown.
- Help
Page stringText Custom text displayed on the help page.
- Help
Text string GitLab server administrator information.
- Hide
Third boolParty Offers Do not display offers from third parties in GitLab.
- Home
Page stringUrl Redirect to this URL when not logged in.
- Housekeeping
Enabled bool (If enabled, requires: housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod) Enable or disable Git housekeeping.
- Housekeeping
Full intRepack Period Number of Git pushes after which an incremental git repack is run.
- Housekeeping
Gc intPeriod Number of Git pushes after which git gc is run.
- Housekeeping
Incremental intRepack Period Number of Git pushes after which an incremental git repack is run.
- Html
Emails boolEnabled Enable HTML emails.
- Import
Sources []string Sources to allow project import from, possible values: github, bitbucket, bitbucketserver, gitlab, fogbugz, git, gitlabproject, gitea, manifest, and phabricator.
- In
Product boolMarketing Emails Enabled Enable in-product marketing emails. Enabled by default.
- Inactive
Projects intDelete After Months If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Default is 2. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- Inactive
Projects intMin Size Mb If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Default is 0. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- Inactive
Projects intSend Warning Email After Months If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Default is 1. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- Invisible
Captcha boolEnabled Enable Invisible CAPTCHA spam detection during sign-up. Disabled by default.
- Issues
Create intLimit Max number of issue creation requests per minute per user. Disabled by default.
- Keep
Latest boolArtifact Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time. Enabled by default.
- Local
Markdown intVersion Increase this value when any cached Markdown should be invalidated.
- Mailgun
Events boolEnabled Enable Mailgun event receiver.
- Mailgun
Signing stringKey The Mailgun HTTP webhook signing key for receiving events from webhook.
- Maintenance
Mode bool When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
- Maintenance
Mode stringMessage Message displayed when instance is in maintenance mode.
- Max
Artifacts intSize Maximum artifacts size in MB.
- Max
Attachment intSize Limit attachment size in MB.
- Max
Export intSize Maximum export size in MB. 0 for unlimited. Default = 0 (unlimited).
- Max
Import intSize Maximum import size in MB. 0 for unlimited. Default = 0 (unlimited) Modified from 50MB to 0 in GitLab 13.8.
- Max
Number intOf Repository Downloads Maximum number of unique repositories a user can download in the specified time period before they are banned. Default: 0, Maximum: 10,000 repositories. Introduced in GitLab 15.1.
- Max
Number intOf Repository Downloads Within Time Period Reporting time period (in seconds). Default: 0, Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
- Max
Pages intSize Maximum size of pages repositories in MB.
- Max
Personal intAccess Token Lifetime Maximum allowable lifetime for access tokens in days.
- Max
Ssh intKey Lifetime Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
- Metrics
Method intCall Threshold A method call is only tracked when it takes longer than the given amount of milliseconds.
- Mirror
Available bool Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
- Mirror
Capacity intThreshold Minimum capacity to be available before scheduling more mirrors preemptively.
- Mirror
Max intCapacity Maximum number of mirrors that can be synchronizing at the same time.
- Mirror
Max intDelay Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
- Npm
Package boolRequests Forwarding Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
- Outbound
Local []stringRequests Whitelists Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
- Package
Registry intCleanup Policies Worker Capacity Number of workers assigned to the packages cleanup policies.
- Pages
Domain boolVerification Enabled Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
- Password
Authentication boolEnabled For Git Enable authentication for Git over HTTP(S) via a GitLab account password. Default is true.
- Password
Authentication boolEnabled For Web Enable authentication for the web interface via a GitLab account password. Default is true.
- Password
Lowercase boolRequired Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
- Password
Number boolRequired Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
- Password
Symbol boolRequired Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
- Password
Uppercase boolRequired Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
- Performance
Bar stringAllowed Group Path Path of the group that is allowed to toggle the performance bar.
- Personal
Access stringToken Prefix Prefix for all generated personal access tokens.
- Pipeline
Limit intPer Project User Sha Maximum number of pipeline creation requests per minute per user and commit. Disabled by default.
- Plantuml
Enabled bool (If enabled, requires: plantuml_url) Enable PlantUML integration. Default is false.
- Plantuml
Url string The PlantUML instance URL for integration.
- Polling
Interval float64Multiplier Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
- Project
Export boolEnabled Enable project export.
- Prometheus
Metrics boolEnabled Enable Prometheus metrics.
- Protected
Ci boolVariables CI/CD variables are protected by default.
- Push
Event intActivities Limit Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
- Push
Event intHooks Limit Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
- Pypi
Package boolRequests Forwarding Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
- Rate
Limiting stringResponse Text When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
- Raw
Blob intRequest Limit Max number of requests per minute for each raw path. Default: 300. To disable throttling set to 0.
- Recaptcha
Enabled bool (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
- Recaptcha
Private stringKey Private key for reCAPTCHA.
- Recaptcha
Site stringKey Site key for reCAPTCHA.
- Receive
Max intInput Size Maximum push size (MB).
- Repository
Checks boolEnabled GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
- Repository
Size intLimit Size limit per repository (MB).
- Repository
Storages []string (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
- Repository
Storages map[string]intWeighted (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
- Require
Admin boolApproval After User Signup When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
- Require
Two boolFactor Authentication (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
- Restricted
Visibility []stringLevels Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Default is null which means there is no restriction.
- Rsa
Key intRestriction The minimum allowed bit length of an uploaded RSA key. Default is 0 (no restriction). -1 disables RSA keys.
- Search
Rate intLimit Max number of requests per minute for performing a search while authenticated. Default: 30. To disable throttling set to 0.
- Search
Rate intLimit Unauthenticated Max number of requests per minute for performing a search while unauthenticated. Default: 10. To disable throttling set to 0.
- Send
User boolConfirmation Email Send confirmation email on sign-up.
- Session
Expire intDelay Session duration in minutes. GitLab restart is required to apply changes.
- bool
(If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
- int
Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
- string
Shared runners text.
- Sidekiq
Job intLimiter Compression Threshold Bytes The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis. Default: 100 000 bytes (100KB).
- Sidekiq
Job intLimiter Limit Bytes The threshold in bytes at which Sidekiq jobs are rejected. Default: 0 bytes (doesn’t reject any job).
- Sidekiq
Job stringLimiter Mode track or compress. Sets the behavior for Sidekiq job size limits. Default: ‘compress’.
- Sign
In stringText Text on the login page.
- Signup
Enabled bool Enable registration. Default is true.
- Slack
App boolEnabled (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
- Slack
App stringId The app ID of the Slack-app.
- Slack
App stringSecret The app secret of the Slack-app.
- Slack
App stringSigning Secret The signing secret of the Slack-app.
- Slack
App stringVerification Token The verification token of the Slack-app.
- Snippet
Size intLimit Max snippet content size in bytes. Default: 52428800 Bytes (50MB).
- Snowplow
App stringId The Snowplow site name / application ID. (for example, gitlab)
- Snowplow
Collector stringHostname The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
- string
The Snowplow cookie domain. (for example, .gitlab.com)
- Snowplow
Enabled bool Enable snowplow tracking.
- Sourcegraph
Enabled bool Enables Sourcegraph integration. Default is false. If enabled, requires sourcegraph_url.
- Sourcegraph
Public boolOnly Blocks Sourcegraph from being loaded on private and internal projects. Default is true.
- Sourcegraph
Url string The Sourcegraph instance URL for integration.
- Spam
Check stringApi Key API key used by GitLab for accessing the Spam Check service endpoint.
- Spam
Check boolEndpoint Enabled Enables spam checking using external Spam Check API endpoint. Default is false.
- Spam
Check stringEndpoint Url URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
- Suggest
Pipeline boolEnabled Enable pipeline suggestion banner.
- Terminal
Max intSession Time Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
- Terms string
(Required by: enforce_terms) Markdown content for the ToS.
- Throttle
Authenticated boolApi Enabled (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Authenticated intApi Period In Seconds Rate limit period (in seconds).
- Throttle
Authenticated intApi Requests Per Period Maximum requests per period per user.
- Throttle
Authenticated boolPackages Api Enabled (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- Throttle
Authenticated intPackages Api Period In Seconds Rate limit period (in seconds). View Package Registry rate limits for more details.
- Throttle
Authenticated intPackages Api Requests Per Period Maximum requests per period per user. View Package Registry rate limits for more details.
- Throttle
Authenticated boolWeb Enabled (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Authenticated intWeb Period In Seconds Rate limit period (in seconds).
- Throttle
Authenticated intWeb Requests Per Period Maximum requests per period per user.
- Throttle
Unauthenticated boolApi Enabled (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Unauthenticated intApi Period In Seconds Rate limit period in seconds.
- Throttle
Unauthenticated intApi Requests Per Period Max requests per period per IP.
- Throttle
Unauthenticated boolPackages Api Enabled (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- Throttle
Unauthenticated intPackages Api Period In Seconds Rate limit period (in seconds). View Package Registry rate limits for more details.
- Throttle
Unauthenticated intPackages Api Requests Per Period Maximum requests per period per user. View Package Registry rate limits for more details.
- Throttle
Unauthenticated boolWeb Enabled (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Unauthenticated intWeb Period In Seconds Rate limit period in seconds.
- Throttle
Unauthenticated intWeb Requests Per Period Max requests per period per IP.
- Time
Tracking boolLimit To Hours Limit display of time tracking units to hours. Default is false.
- Two
Factor intGrace Period Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
- Unique
Ips boolLimit Enabled (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
- Unique
Ips intLimit Per User Maximum number of IPs per user.
- Unique
Ips intLimit Time Window How many seconds an IP is counted towards the limit.
- Usage
Ping boolEnabled Every week GitLab reports license usage back to GitLab, Inc.
- User
Deactivation boolEmails Enabled Send an email to users upon account deactivation.
- User
Default boolExternal Newly registered users are external by default.
- User
Default stringInternal Regex Specify an email address regex pattern to identify default internal users.
- User
Oauth boolApplications Allow users to register any application to use GitLab as an OAuth provider.
- User
Show boolAdd Ssh Key Message When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
- Version
Check boolEnabled Let GitLab inform you when an update is available.
- Web
Ide boolClientside Preview Enabled Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
- Whats
New stringVariant What’s new variant, possible values: alltiers, currenttier, and disabled.
- Wiki
Page intMax Content Bytes Maximum wiki page content size in bytes. Default: 52428800 Bytes (50 MB). The minimum value is 1024 bytes.
- abuse
Notification StringEmail If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
- admin
Mode Boolean Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
- after
Sign StringOut Path Where to redirect users after logout.
- after
Sign StringUp Text Text shown to the user after signing up.
- String
API key for Akismet spam protection.
- Boolean
(If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
- allow
Group BooleanOwners To Manage Ldap Set to true to allow group owners to manage LDAP.
- allow
Local BooleanRequests From System Hooks Allow requests to the local network from system hooks.
- allow
Local BooleanRequests From Web Hooks And Services Allow requests to the local network from web hooks and services.
- archive
Builds StringIn Human Readable Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
- asset
Proxy List<String>Allowlists Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
- asset
Proxy BooleanEnabled (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
- asset
Proxy StringSecret Key Shared secret with the asset proxy server. GitLab restart is required to apply changes.
- asset
Proxy StringUrl URL of the asset proxy server. GitLab restart is required to apply changes.
- Boolean
By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
- auto
Devops StringDomain Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
- auto
Devops BooleanEnabled Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
- automatic
Purchased BooleanStorage Allocation Enabling this permits automatic allocation of purchased storage in a namespace.
- check
Namespace BooleanPlan Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
- commit
Email StringHostname Custom hostname (for private commit emails).
- container
Expiration BooleanPolicies Enable Historic Entries Enable cleanup policies for all projects.
- Integer
The maximum number of tags that can be deleted in a single execution of cleanup policies.
- Integer
The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
- container
Registry BooleanExpiration Policies Caching Caching during the execution of cleanup policies.
- container
Registry IntegerExpiration Policies Worker Capacity Number of workers for cleanup policies.
- container
Registry IntegerToken Expire Delay Container Registry token duration in minutes.
- deactivate
Dormant BooleanUsers Enable automatic deactivation of dormant users.
- default
Artifacts StringExpire In Set the default expiration time for each job’s artifacts.
- default
Branch StringName Instance-level custom initial branch name (introduced in GitLab 13.2).
- default
Branch IntegerProtection Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
- default
Ci StringConfig Path Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
- default
Group StringVisibility What visibility level new groups receive. Can take private, internal and public as a parameter. Default is private.