Docs Home
Packages
GitLab v8.4.1 published on Tuesday, Sep 24, 2024 by Pulumi
gitlab.ApplicationSettings
Explore with Pulumi AI
Example Usage
Create ApplicationSettings Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ApplicationSettings(name: string, args?: ApplicationSettingsArgs, opts?: CustomResourceOptions);@overload
def ApplicationSettings(resource_name: str,
args: Optional[ApplicationSettingsArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def ApplicationSettings(resource_name: str,
opts: Optional[ResourceOptions] = None,
abuse_notification_email: Optional[str] = None,
admin_mode: Optional[bool] = None,
after_sign_out_path: Optional[str] = None,
after_sign_up_text: Optional[str] = None,
akismet_api_key: Optional[str] = None,
akismet_enabled: Optional[bool] = None,
allow_account_deletion: Optional[bool] = None,
allow_group_owners_to_manage_ldap: Optional[bool] = None,
allow_local_requests_from_system_hooks: Optional[bool] = None,
allow_local_requests_from_web_hooks_and_services: Optional[bool] = None,
allow_project_creation_for_guest_and_below: Optional[bool] = None,
allow_runner_registration_token: Optional[bool] = None,
archive_builds_in_human_readable: Optional[str] = None,
asciidoc_max_includes: Optional[int] = None,
asset_proxy_allowlists: Optional[Sequence[str]] = None,
asset_proxy_enabled: Optional[bool] = None,
asset_proxy_secret_key: Optional[str] = None,
asset_proxy_url: Optional[str] = None,
authorized_keys_enabled: Optional[bool] = None,
auto_ban_user_on_excessive_projects_download: Optional[bool] = None,
auto_devops_domain: Optional[str] = None,
auto_devops_enabled: Optional[bool] = None,
automatic_purchased_storage_allocation: Optional[bool] = None,
bulk_import_concurrent_pipeline_batch_limit: Optional[int] = None,
bulk_import_enabled: Optional[bool] = None,
bulk_import_max_download_file_size: Optional[int] = None,
can_create_group: Optional[bool] = None,
check_namespace_plan: Optional[bool] = None,
ci_max_includes: Optional[int] = None,
ci_max_total_yaml_size_bytes: Optional[int] = None,
commit_email_hostname: Optional[str] = None,
concurrent_bitbucket_import_jobs_limit: Optional[int] = None,
concurrent_bitbucket_server_import_jobs_limit: Optional[int] = None,
concurrent_github_import_jobs_limit: Optional[int] = None,
container_expiration_policies_enable_historic_entries: Optional[bool] = None,
container_registry_cleanup_tags_service_max_list_size: Optional[int] = None,
container_registry_delete_tags_service_timeout: Optional[int] = None,
container_registry_expiration_policies_caching: Optional[bool] = None,
container_registry_expiration_policies_worker_capacity: Optional[int] = None,
container_registry_token_expire_delay: Optional[int] = None,
deactivate_dormant_users: Optional[bool] = None,
deactivate_dormant_users_period: Optional[int] = None,
decompress_archive_file_timeout: Optional[int] = None,
default_artifacts_expire_in: Optional[str] = None,
default_branch_name: Optional[str] = None,
default_branch_protection: Optional[int] = None,
default_branch_protection_defaults: Optional[ApplicationSettingsDefaultBranchProtectionDefaultsArgs] = None,
default_ci_config_path: Optional[str] = None,
default_group_visibility: Optional[str] = None,
default_preferred_language: Optional[str] = None,
default_project_creation: Optional[int] = None,
default_project_visibility: Optional[str] = None,
default_projects_limit: Optional[int] = None,
default_snippet_visibility: Optional[str] = None,
default_syntax_highlighting_theme: Optional[int] = None,
delete_inactive_projects: Optional[bool] = None,
delete_unconfirmed_users: Optional[bool] = None,
deletion_adjourned_period: Optional[int] = None,
diagramsnet_enabled: Optional[bool] = None,
diagramsnet_url: Optional[str] = None,
diff_max_files: Optional[int] = None,
diff_max_lines: Optional[int] = None,
diff_max_patch_bytes: Optional[int] = None,
disable_admin_oauth_scopes: Optional[bool] = None,
disable_feed_token: Optional[bool] = None,
disable_personal_access_tokens: Optional[bool] = None,
disabled_oauth_sign_in_sources: Optional[Sequence[str]] = None,
dns_rebinding_protection_enabled: Optional[bool] = None,
domain_allowlists: Optional[Sequence[str]] = None,
domain_denylist_enabled: Optional[bool] = None,
domain_denylists: Optional[Sequence[str]] = None,
downstream_pipeline_trigger_limit_per_project_user_sha: Optional[int] = None,
dsa_key_restriction: Optional[int] = None,
duo_features_enabled: Optional[bool] = None,
ecdsa_key_restriction: Optional[int] = None,
ecdsa_sk_key_restriction: Optional[int] = None,
ed25519_key_restriction: Optional[int] = None,
ed25519_sk_key_restriction: Optional[int] = None,
eks_access_key_id: Optional[str] = None,
eks_account_id: Optional[str] = None,
eks_integration_enabled: Optional[bool] = None,
eks_secret_access_key: Optional[str] = None,
elasticsearch_aws: Optional[bool] = None,
elasticsearch_aws_access_key: Optional[str] = None,
elasticsearch_aws_region: Optional[str] = None,
elasticsearch_aws_secret_access_key: Optional[str] = None,
elasticsearch_indexed_field_length_limit: Optional[int] = None,
elasticsearch_indexed_file_size_limit_kb: Optional[int] = None,
elasticsearch_indexing: Optional[bool] = None,
elasticsearch_limit_indexing: Optional[bool] = None,
elasticsearch_max_bulk_concurrency: Optional[int] = None,
elasticsearch_max_bulk_size_mb: Optional[int] = None,
elasticsearch_namespace_ids: Optional[Sequence[int]] = None,
elasticsearch_password: Optional[str] = None,
elasticsearch_project_ids: Optional[Sequence[int]] = None,
elasticsearch_search: Optional[bool] = None,
elasticsearch_urls: Optional[Sequence[str]] = None,
elasticsearch_username: Optional[str] = None,
email_additional_text: Optional[str] = None,
email_author_in_body: Optional[bool] = None,
enabled_git_access_protocol: Optional[str] = None,
enforce_namespace_storage_limit: Optional[bool] = None,
enforce_terms: Optional[bool] = None,
external_auth_client_cert: Optional[str] = None,
external_auth_client_key: Optional[str] = None,
external_auth_client_key_pass: Optional[str] = None,
external_authorization_service_default_label: Optional[str] = None,
external_authorization_service_enabled: Optional[bool] = None,
external_authorization_service_timeout: Optional[float] = None,
external_authorization_service_url: Optional[str] = None,
external_pipeline_validation_service_timeout: Optional[int] = None,
external_pipeline_validation_service_token: Optional[str] = None,
external_pipeline_validation_service_url: Optional[str] = None,
file_template_project_id: Optional[int] = None,
first_day_of_week: Optional[int] = None,
geo_node_allowed_ips: Optional[str] = None,
geo_status_timeout: Optional[int] = None,
git_rate_limit_users_allowlists: Optional[Sequence[str]] = None,
git_two_factor_session_expiry: Optional[int] = None,
gitaly_timeout_default: Optional[int] = None,
gitaly_timeout_fast: Optional[int] = None,
gitaly_timeout_medium: Optional[int] = None,
grafana_enabled: Optional[bool] = None,
grafana_url: Optional[str] = None,
gravatar_enabled: Optional[bool] = None,
group_owners_can_manage_default_branch_protection: Optional[bool] = None,
hashed_storage_enabled: Optional[bool] = None,
help_page_hide_commercial_content: Optional[bool] = None,
help_page_support_url: Optional[str] = None,
help_page_text: Optional[str] = None,
help_text: Optional[str] = None,
hide_third_party_offers: Optional[bool] = None,
home_page_url: Optional[str] = None,
housekeeping_enabled: Optional[bool] = None,
housekeeping_full_repack_period: Optional[int] = None,
housekeeping_gc_period: Optional[int] = None,
housekeeping_incremental_repack_period: Optional[int] = None,
housekeeping_optimize_repository_period: Optional[int] = None,
html_emails_enabled: Optional[bool] = None,
import_sources: Optional[Sequence[str]] = None,
in_product_marketing_emails_enabled: Optional[bool] = None,
inactive_projects_delete_after_months: Optional[int] = None,
inactive_projects_min_size_mb: Optional[int] = None,
inactive_projects_send_warning_email_after_months: Optional[int] = None,
invisible_captcha_enabled: Optional[bool] = None,
issues_create_limit: Optional[int] = None,
keep_latest_artifact: Optional[bool] = None,
local_markdown_version: Optional[int] = None,
mailgun_events_enabled: Optional[bool] = None,
mailgun_signing_key: Optional[str] = None,
maintenance_mode: Optional[bool] = None,
maintenance_mode_message: Optional[str] = None,
max_artifacts_size: Optional[int] = None,
max_attachment_size: Optional[int] = None,
max_export_size: Optional[int] = None,
max_import_size: Optional[int] = None,
max_number_of_repository_downloads: Optional[int] = None,
max_number_of_repository_downloads_within_time_period: Optional[int] = None,
max_pages_size: Optional[int] = None,
max_personal_access_token_lifetime: Optional[int] = None,
max_ssh_key_lifetime: Optional[int] = None,
max_terraform_state_size_bytes: Optional[int] = None,
metrics_method_call_threshold: Optional[int] = None,
minimum_password_length: Optional[int] = None,
mirror_available: Optional[bool] = None,
mirror_capacity_threshold: Optional[int] = None,
mirror_max_capacity: Optional[int] = None,
mirror_max_delay: Optional[int] = None,
npm_package_requests_forwarding: Optional[bool] = None,
outbound_local_requests_whitelists: Optional[Sequence[str]] = None,
package_registry_cleanup_policies_worker_capacity: Optional[int] = None,
pages_domain_verification_enabled: Optional[bool] = None,
password_authentication_enabled_for_git: Optional[bool] = None,
password_authentication_enabled_for_web: Optional[bool] = None,
password_lowercase_required: Optional[bool] = None,
password_number_required: Optional[bool] = None,
password_symbol_required: Optional[bool] = None,
password_uppercase_required: Optional[bool] = None,
performance_bar_allowed_group_path: Optional[str] = None,
personal_access_token_prefix: Optional[str] = None,
pipeline_limit_per_project_user_sha: Optional[int] = None,
plantuml_enabled: Optional[bool] = None,
plantuml_url: Optional[str] = None,
polling_interval_multiplier: Optional[float] = None,
project_export_enabled: Optional[bool] = None,
prometheus_metrics_enabled: Optional[bool] = None,
protected_ci_variables: Optional[bool] = None,
push_event_activities_limit: Optional[int] = None,
push_event_hooks_limit: Optional[int] = None,
pypi_package_requests_forwarding: Optional[bool] = None,
rate_limiting_response_text: Optional[str] = None,
raw_blob_request_limit: Optional[int] = None,
recaptcha_enabled: Optional[bool] = None,
recaptcha_private_key: Optional[str] = None,
recaptcha_site_key: Optional[str] = None,
receive_max_input_size: Optional[int] = None,
repository_checks_enabled: Optional[bool] = None,
repository_size_limit: Optional[int] = None,
repository_storages: Optional[Sequence[str]] = None,
repository_storages_weighted: Optional[Mapping[str, int]] = None,
require_admin_approval_after_user_signup: Optional[bool] = None,
require_two_factor_authentication: Optional[bool] = None,
restricted_visibility_levels: Optional[Sequence[str]] = None,
rsa_key_restriction: Optional[int] = None,
search_rate_limit: Optional[int] = None,
search_rate_limit_unauthenticated: Optional[int] = None,
send_user_confirmation_email: Optional[bool] = None,
session_expire_delay: Optional[int] = None,
shared_runners_enabled: Optional[bool] = None,
shared_runners_minutes: Optional[int] = None,
shared_runners_text: Optional[str] = None,
sidekiq_job_limiter_compression_threshold_bytes: Optional[int] = None,
sidekiq_job_limiter_limit_bytes: Optional[int] = None,
sidekiq_job_limiter_mode: Optional[str] = None,
sign_in_text: Optional[str] = None,
signup_enabled: Optional[bool] = None,
slack_app_enabled: Optional[bool] = None,
slack_app_id: Optional[str] = None,
slack_app_secret: Optional[str] = None,
slack_app_signing_secret: Optional[str] = None,
slack_app_verification_token: Optional[str] = None,
snippet_size_limit: Optional[int] = None,
snowplow_app_id: Optional[str] = None,
snowplow_collector_hostname: Optional[str] = None,
snowplow_cookie_domain: Optional[str] = None,
snowplow_enabled: Optional[bool] = None,
sourcegraph_enabled: Optional[bool] = None,
sourcegraph_public_only: Optional[bool] = None,
sourcegraph_url: Optional[str] = None,
spam_check_api_key: Optional[str] = None,
spam_check_endpoint_enabled: Optional[bool] = None,
spam_check_endpoint_url: Optional[str] = None,
suggest_pipeline_enabled: Optional[bool] = None,
terminal_max_session_time: Optional[int] = None,
terms: Optional[str] = None,
throttle_authenticated_api_enabled: Optional[bool] = None,
throttle_authenticated_api_period_in_seconds: Optional[int] = None,
throttle_authenticated_api_requests_per_period: Optional[int] = None,
throttle_authenticated_packages_api_enabled: Optional[bool] = None,
throttle_authenticated_packages_api_period_in_seconds: Optional[int] = None,
throttle_authenticated_packages_api_requests_per_period: Optional[int] = None,
throttle_authenticated_web_enabled: Optional[bool] = None,
throttle_authenticated_web_period_in_seconds: Optional[int] = None,
throttle_authenticated_web_requests_per_period: Optional[int] = None,
throttle_unauthenticated_api_enabled: Optional[bool] = None,
throttle_unauthenticated_api_period_in_seconds: Optional[int] = None,
throttle_unauthenticated_api_requests_per_period: Optional[int] = None,
throttle_unauthenticated_packages_api_enabled: Optional[bool] = None,
throttle_unauthenticated_packages_api_period_in_seconds: Optional[int] = None,
throttle_unauthenticated_packages_api_requests_per_period: Optional[int] = None,
throttle_unauthenticated_web_enabled: Optional[bool] = None,
throttle_unauthenticated_web_period_in_seconds: Optional[int] = None,
throttle_unauthenticated_web_requests_per_period: Optional[int] = None,
time_tracking_limit_to_hours: Optional[bool] = None,
two_factor_grace_period: Optional[int] = None,
unique_ips_limit_enabled: Optional[bool] = None,
unique_ips_limit_per_user: Optional[int] = None,
unique_ips_limit_time_window: Optional[int] = None,
usage_ping_enabled: Optional[bool] = None,
user_deactivation_emails_enabled: Optional[bool] = None,
user_default_external: Optional[bool] = None,
user_default_internal_regex: Optional[str] = None,
user_oauth_applications: Optional[bool] = None,
user_show_add_ssh_key_message: Optional[bool] = None,
version_check_enabled: Optional[bool] = None,
web_ide_clientside_preview_enabled: Optional[bool] = None,
whats_new_variant: Optional[str] = None,
wiki_page_max_content_bytes: Optional[int] = None)func NewApplicationSettings(ctx *Context, name string, args *ApplicationSettingsArgs, opts ...ResourceOption) (*ApplicationSettings, error)public ApplicationSettings(string name, ApplicationSettingsArgs? args = null, CustomResourceOptions? opts = null)
public ApplicationSettings(String name, ApplicationSettingsArgs args)
public ApplicationSettings(String name, ApplicationSettingsArgs args, CustomResourceOptions options)
type: gitlab:ApplicationSettings
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ApplicationSettingsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ApplicationSettingsArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ApplicationSettingsArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ApplicationSettingsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ApplicationSettingsArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var applicationSettingsResource = new GitLab.ApplicationSettings("applicationSettingsResource", new()
{
AbuseNotificationEmail = "string",
AdminMode = false,
AfterSignOutPath = "string",
AfterSignUpText = "string",
AkismetApiKey = "string",
AkismetEnabled = false,
AllowAccountDeletion = false,
AllowGroupOwnersToManageLdap = false,
AllowLocalRequestsFromSystemHooks = false,
AllowLocalRequestsFromWebHooksAndServices = false,
AllowProjectCreationForGuestAndBelow = false,
AllowRunnerRegistrationToken = false,
ArchiveBuildsInHumanReadable = "string",
AsciidocMaxIncludes = 0,
AssetProxyAllowlists = new[]
{
"string",
},
AssetProxyEnabled = false,
AssetProxySecretKey = "string",
AssetProxyUrl = "string",
AuthorizedKeysEnabled = false,
AutoBanUserOnExcessiveProjectsDownload = false,
AutoDevopsDomain = "string",
AutoDevopsEnabled = false,
AutomaticPurchasedStorageAllocation = false,
BulkImportConcurrentPipelineBatchLimit = 0,
BulkImportEnabled = false,
BulkImportMaxDownloadFileSize = 0,
CanCreateGroup = false,
CheckNamespacePlan = false,
CiMaxIncludes = 0,
CiMaxTotalYamlSizeBytes = 0,
CommitEmailHostname = "string",
ConcurrentBitbucketImportJobsLimit = 0,
ConcurrentBitbucketServerImportJobsLimit = 0,
ConcurrentGithubImportJobsLimit = 0,
ContainerExpirationPoliciesEnableHistoricEntries = false,
ContainerRegistryCleanupTagsServiceMaxListSize = 0,
ContainerRegistryDeleteTagsServiceTimeout = 0,
ContainerRegistryExpirationPoliciesCaching = false,
ContainerRegistryExpirationPoliciesWorkerCapacity = 0,
ContainerRegistryTokenExpireDelay = 0,
DeactivateDormantUsers = false,
DeactivateDormantUsersPeriod = 0,
DecompressArchiveFileTimeout = 0,
DefaultArtifactsExpireIn = "string",
DefaultBranchName = "string",
DefaultBranchProtection = 0,
DefaultBranchProtectionDefaults = new GitLab.Inputs.ApplicationSettingsDefaultBranchProtectionDefaultsArgs
{
AllowForcePush = false,
AllowedToMerges = new[]
{
"any",
},
AllowedToPushes = new[]
{
"any",
},
DeveloperCanInitialPush = false,
},
DefaultCiConfigPath = "string",
DefaultGroupVisibility = "string",
DefaultPreferredLanguage = "string",
DefaultProjectCreation = 0,
DefaultProjectVisibility = "string",
DefaultProjectsLimit = 0,
DefaultSnippetVisibility = "string",
DefaultSyntaxHighlightingTheme = 0,
DeleteInactiveProjects = false,
DeleteUnconfirmedUsers = false,
DeletionAdjournedPeriod = 0,
DiagramsnetEnabled = false,
DiagramsnetUrl = "string",
DiffMaxFiles = 0,
DiffMaxLines = 0,
DiffMaxPatchBytes = 0,
DisableAdminOauthScopes = false,
DisableFeedToken = false,
DisablePersonalAccessTokens = false,
DisabledOauthSignInSources = new[]
{
"string",
},
DnsRebindingProtectionEnabled = false,
DomainAllowlists = new[]
{
"string",
},
DomainDenylistEnabled = false,
DomainDenylists = new[]
{
"string",
},
DownstreamPipelineTriggerLimitPerProjectUserSha = 0,
DsaKeyRestriction = 0,
DuoFeaturesEnabled = false,
EcdsaKeyRestriction = 0,
EcdsaSkKeyRestriction = 0,
Ed25519KeyRestriction = 0,
Ed25519SkKeyRestriction = 0,
EksAccessKeyId = "string",
EksAccountId = "string",
EksIntegrationEnabled = false,
EksSecretAccessKey = "string",
ElasticsearchAws = false,
ElasticsearchAwsAccessKey = "string",
ElasticsearchAwsRegion = "string",
ElasticsearchAwsSecretAccessKey = "string",
ElasticsearchIndexedFieldLengthLimit = 0,
ElasticsearchIndexedFileSizeLimitKb = 0,
ElasticsearchIndexing = false,
ElasticsearchLimitIndexing = false,
ElasticsearchMaxBulkConcurrency = 0,
ElasticsearchMaxBulkSizeMb = 0,
ElasticsearchNamespaceIds = new[]
{
0,
},
ElasticsearchPassword = "string",
ElasticsearchProjectIds = new[]
{
0,
},
ElasticsearchSearch = false,
ElasticsearchUrls = new[]
{
"string",
},
ElasticsearchUsername = "string",
EmailAdditionalText = "string",
EmailAuthorInBody = false,
EnabledGitAccessProtocol = "string",
EnforceNamespaceStorageLimit = false,
EnforceTerms = false,
ExternalAuthClientCert = "string",
ExternalAuthClientKey = "string",
ExternalAuthClientKeyPass = "string",
ExternalAuthorizationServiceDefaultLabel = "string",
ExternalAuthorizationServiceEnabled = false,
ExternalAuthorizationServiceTimeout = 0,
ExternalAuthorizationServiceUrl = "string",
ExternalPipelineValidationServiceTimeout = 0,
ExternalPipelineValidationServiceToken = "string",
ExternalPipelineValidationServiceUrl = "string",
FileTemplateProjectId = 0,
FirstDayOfWeek = 0,
GeoNodeAllowedIps = "string",
GeoStatusTimeout = 0,
GitRateLimitUsersAllowlists = new[]
{
"string",
},
GitTwoFactorSessionExpiry = 0,
GitalyTimeoutDefault = 0,
GitalyTimeoutFast = 0,
GitalyTimeoutMedium = 0,
GrafanaEnabled = false,
GrafanaUrl = "string",
GravatarEnabled = false,
GroupOwnersCanManageDefaultBranchProtection = false,
HashedStorageEnabled = false,
HelpPageHideCommercialContent = false,
HelpPageSupportUrl = "string",
HelpPageText = "string",
HelpText = "string",
HideThirdPartyOffers = false,
HomePageUrl = "string",
HousekeepingEnabled = false,
HousekeepingOptimizeRepositoryPeriod = 0,
HtmlEmailsEnabled = false,
ImportSources = new[]
{
"string",
},
InProductMarketingEmailsEnabled = false,
InactiveProjectsDeleteAfterMonths = 0,
InactiveProjectsMinSizeMb = 0,
InactiveProjectsSendWarningEmailAfterMonths = 0,
InvisibleCaptchaEnabled = false,
IssuesCreateLimit = 0,
KeepLatestArtifact = false,
LocalMarkdownVersion = 0,
MailgunEventsEnabled = false,
MailgunSigningKey = "string",
MaintenanceMode = false,
MaintenanceModeMessage = "string",
MaxArtifactsSize = 0,
MaxAttachmentSize = 0,
MaxExportSize = 0,
MaxImportSize = 0,
MaxNumberOfRepositoryDownloads = 0,
MaxNumberOfRepositoryDownloadsWithinTimePeriod = 0,
MaxPagesSize = 0,
MaxPersonalAccessTokenLifetime = 0,
MaxSshKeyLifetime = 0,
MaxTerraformStateSizeBytes = 0,
MetricsMethodCallThreshold = 0,
MinimumPasswordLength = 0,
MirrorAvailable = false,
MirrorCapacityThreshold = 0,
MirrorMaxCapacity = 0,
MirrorMaxDelay = 0,
NpmPackageRequestsForwarding = false,
OutboundLocalRequestsWhitelists = new[]
{
"string",
},
PackageRegistryCleanupPoliciesWorkerCapacity = 0,
PagesDomainVerificationEnabled = false,
PasswordAuthenticationEnabledForGit = false,
PasswordAuthenticationEnabledForWeb = false,
PasswordLowercaseRequired = false,
PasswordNumberRequired = false,
PasswordSymbolRequired = false,
PasswordUppercaseRequired = false,
PerformanceBarAllowedGroupPath = "string",
PersonalAccessTokenPrefix = "string",
PipelineLimitPerProjectUserSha = 0,
PlantumlEnabled = false,
PlantumlUrl = "string",
PollingIntervalMultiplier = 0,
ProjectExportEnabled = false,
PrometheusMetricsEnabled = false,
ProtectedCiVariables = false,
PushEventActivitiesLimit = 0,
PushEventHooksLimit = 0,
PypiPackageRequestsForwarding = false,
RateLimitingResponseText = "string",
RawBlobRequestLimit = 0,
RecaptchaEnabled = false,
RecaptchaPrivateKey = "string",
RecaptchaSiteKey = "string",
ReceiveMaxInputSize = 0,
RepositoryChecksEnabled = false,
RepositorySizeLimit = 0,
RepositoryStorages = new[]
{
"string",
},
RepositoryStoragesWeighted =
{
{ "string", 0 },
},
RequireAdminApprovalAfterUserSignup = false,
RequireTwoFactorAuthentication = false,
RestrictedVisibilityLevels = new[]
{
"string",
},
RsaKeyRestriction = 0,
SearchRateLimit = 0,
SearchRateLimitUnauthenticated = 0,
SendUserConfirmationEmail = false,
SessionExpireDelay = 0,
SharedRunnersEnabled = false,
SharedRunnersMinutes = 0,
SharedRunnersText = "string",
SidekiqJobLimiterCompressionThresholdBytes = 0,
SidekiqJobLimiterLimitBytes = 0,
SidekiqJobLimiterMode = "string",
SignInText = "string",
SignupEnabled = false,
SlackAppEnabled = false,
SlackAppId = "string",
SlackAppSecret = "string",
SlackAppSigningSecret = "string",
SlackAppVerificationToken = "string",
SnippetSizeLimit = 0,
SnowplowAppId = "string",
SnowplowCollectorHostname = "string",
SnowplowCookieDomain = "string",
SnowplowEnabled = false,
SourcegraphEnabled = false,
SourcegraphPublicOnly = false,
SourcegraphUrl = "string",
SpamCheckApiKey = "string",
SpamCheckEndpointEnabled = false,
SpamCheckEndpointUrl = "string",
SuggestPipelineEnabled = false,
TerminalMaxSessionTime = 0,
Terms = "string",
ThrottleAuthenticatedApiEnabled = false,
ThrottleAuthenticatedApiPeriodInSeconds = 0,
ThrottleAuthenticatedApiRequestsPerPeriod = 0,
ThrottleAuthenticatedPackagesApiEnabled = false,
ThrottleAuthenticatedPackagesApiPeriodInSeconds = 0,
ThrottleAuthenticatedPackagesApiRequestsPerPeriod = 0,
ThrottleAuthenticatedWebEnabled = false,
ThrottleAuthenticatedWebPeriodInSeconds = 0,
ThrottleAuthenticatedWebRequestsPerPeriod = 0,
ThrottleUnauthenticatedApiEnabled = false,
ThrottleUnauthenticatedApiPeriodInSeconds = 0,
ThrottleUnauthenticatedApiRequestsPerPeriod = 0,
ThrottleUnauthenticatedPackagesApiEnabled = false,
ThrottleUnauthenticatedPackagesApiPeriodInSeconds = 0,
ThrottleUnauthenticatedPackagesApiRequestsPerPeriod = 0,
ThrottleUnauthenticatedWebEnabled = false,
ThrottleUnauthenticatedWebPeriodInSeconds = 0,
ThrottleUnauthenticatedWebRequestsPerPeriod = 0,
TimeTrackingLimitToHours = false,
TwoFactorGracePeriod = 0,
UniqueIpsLimitEnabled = false,
UniqueIpsLimitPerUser = 0,
UniqueIpsLimitTimeWindow = 0,
UsagePingEnabled = false,
UserDeactivationEmailsEnabled = false,
UserDefaultExternal = false,
UserDefaultInternalRegex = "string",
UserOauthApplications = false,
UserShowAddSshKeyMessage = false,
VersionCheckEnabled = false,
WebIdeClientsidePreviewEnabled = false,
WhatsNewVariant = "string",
WikiPageMaxContentBytes = 0,
});
example, err := gitlab.NewApplicationSettings(ctx, "applicationSettingsResource", &gitlab.ApplicationSettingsArgs{
AbuseNotificationEmail: pulumi.String("string"),
AdminMode: pulumi.Bool(false),
AfterSignOutPath: pulumi.String("string"),
AfterSignUpText: pulumi.String("string"),
AkismetApiKey: pulumi.String("string"),
AkismetEnabled: pulumi.Bool(false),
AllowAccountDeletion: pulumi.Bool(false),
AllowGroupOwnersToManageLdap: pulumi.Bool(false),
AllowLocalRequestsFromSystemHooks: pulumi.Bool(false),
AllowLocalRequestsFromWebHooksAndServices: pulumi.Bool(false),
AllowProjectCreationForGuestAndBelow: pulumi.Bool(false),
AllowRunnerRegistrationToken: pulumi.Bool(false),
ArchiveBuildsInHumanReadable: pulumi.String("string"),
AsciidocMaxIncludes: pulumi.Int(0),
AssetProxyAllowlists: pulumi.StringArray{
pulumi.String("string"),
},
AssetProxyEnabled: pulumi.Bool(false),
AssetProxySecretKey: pulumi.String("string"),
AssetProxyUrl: pulumi.String("string"),
AuthorizedKeysEnabled: pulumi.Bool(false),
AutoBanUserOnExcessiveProjectsDownload: pulumi.Bool(false),
AutoDevopsDomain: pulumi.String("string"),
AutoDevopsEnabled: pulumi.Bool(false),
AutomaticPurchasedStorageAllocation: pulumi.Bool(false),
BulkImportConcurrentPipelineBatchLimit: pulumi.Int(0),
BulkImportEnabled: pulumi.Bool(false),
BulkImportMaxDownloadFileSize: pulumi.Int(0),
CanCreateGroup: pulumi.Bool(false),
CheckNamespacePlan: pulumi.Bool(false),
CiMaxIncludes: pulumi.Int(0),
CiMaxTotalYamlSizeBytes: pulumi.Int(0),
CommitEmailHostname: pulumi.String("string"),
ConcurrentBitbucketImportJobsLimit: pulumi.Int(0),
ConcurrentBitbucketServerImportJobsLimit: pulumi.Int(0),
ConcurrentGithubImportJobsLimit: pulumi.Int(0),
ContainerExpirationPoliciesEnableHistoricEntries: pulumi.Bool(false),
ContainerRegistryCleanupTagsServiceMaxListSize: pulumi.Int(0),
ContainerRegistryDeleteTagsServiceTimeout: pulumi.Int(0),
ContainerRegistryExpirationPoliciesCaching: pulumi.Bool(false),
ContainerRegistryExpirationPoliciesWorkerCapacity: pulumi.Int(0),
ContainerRegistryTokenExpireDelay: pulumi.Int(0),
DeactivateDormantUsers: pulumi.Bool(false),
DeactivateDormantUsersPeriod: pulumi.Int(0),
DecompressArchiveFileTimeout: pulumi.Int(0),
DefaultArtifactsExpireIn: pulumi.String("string"),
DefaultBranchName: pulumi.String("string"),
DefaultBranchProtection: pulumi.Int(0),
DefaultBranchProtectionDefaults: &gitlab.ApplicationSettingsDefaultBranchProtectionDefaultsArgs{
AllowForcePush: pulumi.Bool(false),
AllowedToMerges: pulumi.Array{
pulumi.Any("any"),
},
AllowedToPushes: pulumi.Array{
pulumi.Any("any"),
},
DeveloperCanInitialPush: pulumi.Bool(false),
},
DefaultCiConfigPath: pulumi.String("string"),
DefaultGroupVisibility: pulumi.String("string"),
DefaultPreferredLanguage: pulumi.String("string"),
DefaultProjectCreation: pulumi.Int(0),
DefaultProjectVisibility: pulumi.String("string"),
DefaultProjectsLimit: pulumi.Int(0),
DefaultSnippetVisibility: pulumi.String("string"),
DefaultSyntaxHighlightingTheme: pulumi.Int(0),
DeleteInactiveProjects: pulumi.Bool(false),
DeleteUnconfirmedUsers: pulumi.Bool(false),
DeletionAdjournedPeriod: pulumi.Int(0),
DiagramsnetEnabled: pulumi.Bool(false),
DiagramsnetUrl: pulumi.String("string"),
DiffMaxFiles: pulumi.Int(0),
DiffMaxLines: pulumi.Int(0),
DiffMaxPatchBytes: pulumi.Int(0),
DisableAdminOauthScopes: pulumi.Bool(false),
DisableFeedToken: pulumi.Bool(false),
DisablePersonalAccessTokens: pulumi.Bool(false),
DisabledOauthSignInSources: pulumi.StringArray{
pulumi.String("string"),
},
DnsRebindingProtectionEnabled: pulumi.Bool(false),
DomainAllowlists: pulumi.StringArray{
pulumi.String("string"),
},
DomainDenylistEnabled: pulumi.Bool(false),
DomainDenylists: pulumi.StringArray{
pulumi.String("string"),
},
DownstreamPipelineTriggerLimitPerProjectUserSha: pulumi.Int(0),
DsaKeyRestriction: pulumi.Int(0),
DuoFeaturesEnabled: pulumi.Bool(false),
EcdsaKeyRestriction: pulumi.Int(0),
EcdsaSkKeyRestriction: pulumi.Int(0),
Ed25519KeyRestriction: pulumi.Int(0),
Ed25519SkKeyRestriction: pulumi.Int(0),
EksAccessKeyId: pulumi.String("string"),
EksAccountId: pulumi.String("string"),
EksIntegrationEnabled: pulumi.Bool(false),
EksSecretAccessKey: pulumi.String("string"),
ElasticsearchAws: pulumi.Bool(false),
ElasticsearchAwsAccessKey: pulumi.String("string"),
ElasticsearchAwsRegion: pulumi.String("string"),
ElasticsearchAwsSecretAccessKey: pulumi.String("string"),
ElasticsearchIndexedFieldLengthLimit: pulumi.Int(0),
ElasticsearchIndexedFileSizeLimitKb: pulumi.Int(0),
ElasticsearchIndexing: pulumi.Bool(false),
ElasticsearchLimitIndexing: pulumi.Bool(false),
ElasticsearchMaxBulkConcurrency: pulumi.Int(0),
ElasticsearchMaxBulkSizeMb: pulumi.Int(0),
ElasticsearchNamespaceIds: pulumi.IntArray{
pulumi.Int(0),
},
ElasticsearchPassword: pulumi.String("string"),
ElasticsearchProjectIds: pulumi.IntArray{
pulumi.Int(0),
},
ElasticsearchSearch: pulumi.Bool(false),
ElasticsearchUrls: pulumi.StringArray{
pulumi.String("string"),
},
ElasticsearchUsername: pulumi.String("string"),
EmailAdditionalText: pulumi.String("string"),
EmailAuthorInBody: pulumi.Bool(false),
EnabledGitAccessProtocol: pulumi.String("string"),
EnforceNamespaceStorageLimit: pulumi.Bool(false),
EnforceTerms: pulumi.Bool(false),
ExternalAuthClientCert: pulumi.String("string"),
ExternalAuthClientKey: pulumi.String("string"),
ExternalAuthClientKeyPass: pulumi.String("string"),
ExternalAuthorizationServiceDefaultLabel: pulumi.String("string"),
ExternalAuthorizationServiceEnabled: pulumi.Bool(false),
ExternalAuthorizationServiceTimeout: pulumi.Float64(0),
ExternalAuthorizationServiceUrl: pulumi.String("string"),
ExternalPipelineValidationServiceTimeout: pulumi.Int(0),
ExternalPipelineValidationServiceToken: pulumi.String("string"),
ExternalPipelineValidationServiceUrl: pulumi.String("string"),
FileTemplateProjectId: pulumi.Int(0),
FirstDayOfWeek: pulumi.Int(0),
GeoNodeAllowedIps: pulumi.String("string"),
GeoStatusTimeout: pulumi.Int(0),
GitRateLimitUsersAllowlists: pulumi.StringArray{
pulumi.String("string"),
},
GitTwoFactorSessionExpiry: pulumi.Int(0),
GitalyTimeoutDefault: pulumi.Int(0),
GitalyTimeoutFast: pulumi.Int(0),
GitalyTimeoutMedium: pulumi.Int(0),
GrafanaEnabled: pulumi.Bool(false),
GrafanaUrl: pulumi.String("string"),
GravatarEnabled: pulumi.Bool(false),
GroupOwnersCanManageDefaultBranchProtection: pulumi.Bool(false),
HashedStorageEnabled: pulumi.Bool(false),
HelpPageHideCommercialContent: pulumi.Bool(false),
HelpPageSupportUrl: pulumi.String("string"),
HelpPageText: pulumi.String("string"),
HelpText: pulumi.String("string"),
HideThirdPartyOffers: pulumi.Bool(false),
HomePageUrl: pulumi.String("string"),
HousekeepingEnabled: pulumi.Bool(false),
HousekeepingOptimizeRepositoryPeriod: pulumi.Int(0),
HtmlEmailsEnabled: pulumi.Bool(false),
ImportSources: pulumi.StringArray{
pulumi.String("string"),
},
InProductMarketingEmailsEnabled: pulumi.Bool(false),
InactiveProjectsDeleteAfterMonths: pulumi.Int(0),
InactiveProjectsMinSizeMb: pulumi.Int(0),
InactiveProjectsSendWarningEmailAfterMonths: pulumi.Int(0),
InvisibleCaptchaEnabled: pulumi.Bool(false),
IssuesCreateLimit: pulumi.Int(0),
KeepLatestArtifact: pulumi.Bool(false),
LocalMarkdownVersion: pulumi.Int(0),
MailgunEventsEnabled: pulumi.Bool(false),
MailgunSigningKey: pulumi.String("string"),
MaintenanceMode: pulumi.Bool(false),
MaintenanceModeMessage: pulumi.String("string"),
MaxArtifactsSize: pulumi.Int(0),
MaxAttachmentSize: pulumi.Int(0),
MaxExportSize: pulumi.Int(0),
MaxImportSize: pulumi.Int(0),
MaxNumberOfRepositoryDownloads: pulumi.Int(0),
MaxNumberOfRepositoryDownloadsWithinTimePeriod: pulumi.Int(0),
MaxPagesSize: pulumi.Int(0),
MaxPersonalAccessTokenLifetime: pulumi.Int(0),
MaxSshKeyLifetime: pulumi.Int(0),
MaxTerraformStateSizeBytes: pulumi.Int(0),
MetricsMethodCallThreshold: pulumi.Int(0),
MinimumPasswordLength: pulumi.Int(0),
MirrorAvailable: pulumi.Bool(false),
MirrorCapacityThreshold: pulumi.Int(0),
MirrorMaxCapacity: pulumi.Int(0),
MirrorMaxDelay: pulumi.Int(0),
NpmPackageRequestsForwarding: pulumi.Bool(false),
OutboundLocalRequestsWhitelists: pulumi.StringArray{
pulumi.String("string"),
},
PackageRegistryCleanupPoliciesWorkerCapacity: pulumi.Int(0),
PagesDomainVerificationEnabled: pulumi.Bool(false),
PasswordAuthenticationEnabledForGit: pulumi.Bool(false),
PasswordAuthenticationEnabledForWeb: pulumi.Bool(false),
PasswordLowercaseRequired: pulumi.Bool(false),
PasswordNumberRequired: pulumi.Bool(false),
PasswordSymbolRequired: pulumi.Bool(false),
PasswordUppercaseRequired: pulumi.Bool(false),
PerformanceBarAllowedGroupPath: pulumi.String("string"),
PersonalAccessTokenPrefix: pulumi.String("string"),
PipelineLimitPerProjectUserSha: pulumi.Int(0),
PlantumlEnabled: pulumi.Bool(false),
PlantumlUrl: pulumi.String("string"),
PollingIntervalMultiplier: pulumi.Float64(0),
ProjectExportEnabled: pulumi.Bool(false),
PrometheusMetricsEnabled: pulumi.Bool(false),
ProtectedCiVariables: pulumi.Bool(false),
PushEventActivitiesLimit: pulumi.Int(0),
PushEventHooksLimit: pulumi.Int(0),
PypiPackageRequestsForwarding: pulumi.Bool(false),
RateLimitingResponseText: pulumi.String("string"),
RawBlobRequestLimit: pulumi.Int(0),
RecaptchaEnabled: pulumi.Bool(false),
RecaptchaPrivateKey: pulumi.String("string"),
RecaptchaSiteKey: pulumi.String("string"),
ReceiveMaxInputSize: pulumi.Int(0),
RepositoryChecksEnabled: pulumi.Bool(false),
RepositorySizeLimit: pulumi.Int(0),
RepositoryStorages: pulumi.StringArray{
pulumi.String("string"),
},
RepositoryStoragesWeighted: pulumi.IntMap{
"string": pulumi.Int(0),
},
RequireAdminApprovalAfterUserSignup: pulumi.Bool(false),
RequireTwoFactorAuthentication: pulumi.Bool(false),
RestrictedVisibilityLevels: pulumi.StringArray{
pulumi.String("string"),
},
RsaKeyRestriction: pulumi.Int(0),
SearchRateLimit: pulumi.Int(0),
SearchRateLimitUnauthenticated: pulumi.Int(0),
SendUserConfirmationEmail: pulumi.Bool(false),
SessionExpireDelay: pulumi.Int(0),
SharedRunnersEnabled: pulumi.Bool(false),
SharedRunnersMinutes: pulumi.Int(0),
SharedRunnersText: pulumi.String("string"),
SidekiqJobLimiterCompressionThresholdBytes: pulumi.Int(0),
SidekiqJobLimiterLimitBytes: pulumi.Int(0),
SidekiqJobLimiterMode: pulumi.String("string"),
SignInText: pulumi.String("string"),
SignupEnabled: pulumi.Bool(false),
SlackAppEnabled: pulumi.Bool(false),
SlackAppId: pulumi.String("string"),
SlackAppSecret: pulumi.String("string"),
SlackAppSigningSecret: pulumi.String("string"),
SlackAppVerificationToken: pulumi.String("string"),
SnippetSizeLimit: pulumi.Int(0),
SnowplowAppId: pulumi.String("string"),
SnowplowCollectorHostname: pulumi.String("string"),
SnowplowCookieDomain: pulumi.String("string"),
SnowplowEnabled: pulumi.Bool(false),
SourcegraphEnabled: pulumi.Bool(false),
SourcegraphPublicOnly: pulumi.Bool(false),
SourcegraphUrl: pulumi.String("string"),
SpamCheckApiKey: pulumi.String("string"),
SpamCheckEndpointEnabled: pulumi.Bool(false),
SpamCheckEndpointUrl: pulumi.String("string"),
SuggestPipelineEnabled: pulumi.Bool(false),
TerminalMaxSessionTime: pulumi.Int(0),
Terms: pulumi.String("string"),
ThrottleAuthenticatedApiEnabled: pulumi.Bool(false),
ThrottleAuthenticatedApiPeriodInSeconds: pulumi.Int(0),
ThrottleAuthenticatedApiRequestsPerPeriod: pulumi.Int(0),
ThrottleAuthenticatedPackagesApiEnabled: pulumi.Bool(false),
ThrottleAuthenticatedPackagesApiPeriodInSeconds: pulumi.Int(0),
ThrottleAuthenticatedPackagesApiRequestsPerPeriod: pulumi.Int(0),
ThrottleAuthenticatedWebEnabled: pulumi.Bool(false),
ThrottleAuthenticatedWebPeriodInSeconds: pulumi.Int(0),
ThrottleAuthenticatedWebRequestsPerPeriod: pulumi.Int(0),
ThrottleUnauthenticatedApiEnabled: pulumi.Bool(false),
ThrottleUnauthenticatedApiPeriodInSeconds: pulumi.Int(0),
ThrottleUnauthenticatedApiRequestsPerPeriod: pulumi.Int(0),
ThrottleUnauthenticatedPackagesApiEnabled: pulumi.Bool(false),
ThrottleUnauthenticatedPackagesApiPeriodInSeconds: pulumi.Int(0),
ThrottleUnauthenticatedPackagesApiRequestsPerPeriod: pulumi.Int(0),
ThrottleUnauthenticatedWebEnabled: pulumi.Bool(false),
ThrottleUnauthenticatedWebPeriodInSeconds: pulumi.Int(0),
ThrottleUnauthenticatedWebRequestsPerPeriod: pulumi.Int(0),
TimeTrackingLimitToHours: pulumi.Bool(false),
TwoFactorGracePeriod: pulumi.Int(0),
UniqueIpsLimitEnabled: pulumi.Bool(false),
UniqueIpsLimitPerUser: pulumi.Int(0),
UniqueIpsLimitTimeWindow: pulumi.Int(0),
UsagePingEnabled: pulumi.Bool(false),
UserDeactivationEmailsEnabled: pulumi.Bool(false),
UserDefaultExternal: pulumi.Bool(false),
UserDefaultInternalRegex: pulumi.String("string"),
UserOauthApplications: pulumi.Bool(false),
UserShowAddSshKeyMessage: pulumi.Bool(false),
VersionCheckEnabled: pulumi.Bool(false),
WebIdeClientsidePreviewEnabled: pulumi.Bool(false),
WhatsNewVariant: pulumi.String("string"),
WikiPageMaxContentBytes: pulumi.Int(0),
})
var applicationSettingsResource = new ApplicationSettings("applicationSettingsResource", ApplicationSettingsArgs.builder()
.abuseNotificationEmail("string")
.adminMode(false)
.afterSignOutPath("string")
.afterSignUpText("string")
.akismetApiKey("string")
.akismetEnabled(false)
.allowAccountDeletion(false)
.allowGroupOwnersToManageLdap(false)
.allowLocalRequestsFromSystemHooks(false)
.allowLocalRequestsFromWebHooksAndServices(false)
.allowProjectCreationForGuestAndBelow(false)
.allowRunnerRegistrationToken(false)
.archiveBuildsInHumanReadable("string")
.asciidocMaxIncludes(0)
.assetProxyAllowlists("string")
.assetProxyEnabled(false)
.assetProxySecretKey("string")
.assetProxyUrl("string")
.authorizedKeysEnabled(false)
.autoBanUserOnExcessiveProjectsDownload(false)
.autoDevopsDomain("string")
.autoDevopsEnabled(false)
.automaticPurchasedStorageAllocation(false)
.bulkImportConcurrentPipelineBatchLimit(0)
.bulkImportEnabled(false)
.bulkImportMaxDownloadFileSize(0)
.canCreateGroup(false)
.checkNamespacePlan(false)
.ciMaxIncludes(0)
.ciMaxTotalYamlSizeBytes(0)
.commitEmailHostname("string")
.concurrentBitbucketImportJobsLimit(0)
.concurrentBitbucketServerImportJobsLimit(0)
.concurrentGithubImportJobsLimit(0)
.containerExpirationPoliciesEnableHistoricEntries(false)
.containerRegistryCleanupTagsServiceMaxListSize(0)
.containerRegistryDeleteTagsServiceTimeout(0)
.containerRegistryExpirationPoliciesCaching(false)
.containerRegistryExpirationPoliciesWorkerCapacity(0)
.containerRegistryTokenExpireDelay(0)
.deactivateDormantUsers(false)
.deactivateDormantUsersPeriod(0)
.decompressArchiveFileTimeout(0)
.defaultArtifactsExpireIn("string")
.defaultBranchName("string")
.defaultBranchProtection(0)
.defaultBranchProtectionDefaults(ApplicationSettingsDefaultBranchProtectionDefaultsArgs.builder()
.allowForcePush(false)
.allowedToMerges("any")
.allowedToPushes("any")
.developerCanInitialPush(false)
.build())
.defaultCiConfigPath("string")
.defaultGroupVisibility("string")
.defaultPreferredLanguage("string")
.defaultProjectCreation(0)
.defaultProjectVisibility("string")
.defaultProjectsLimit(0)
.defaultSnippetVisibility("string")
.defaultSyntaxHighlightingTheme(0)
.deleteInactiveProjects(false)
.deleteUnconfirmedUsers(false)
.deletionAdjournedPeriod(0)
.diagramsnetEnabled(false)
.diagramsnetUrl("string")
.diffMaxFiles(0)
.diffMaxLines(0)
.diffMaxPatchBytes(0)
.disableAdminOauthScopes(false)
.disableFeedToken(false)
.disablePersonalAccessTokens(false)
.disabledOauthSignInSources("string")
.dnsRebindingProtectionEnabled(false)
.domainAllowlists("string")
.domainDenylistEnabled(false)
.domainDenylists("string")
.downstreamPipelineTriggerLimitPerProjectUserSha(0)
.dsaKeyRestriction(0)
.duoFeaturesEnabled(false)
.ecdsaKeyRestriction(0)
.ecdsaSkKeyRestriction(0)
.ed25519KeyRestriction(0)
.ed25519SkKeyRestriction(0)
.eksAccessKeyId("string")
.eksAccountId("string")
.eksIntegrationEnabled(false)
.eksSecretAccessKey("string")
.elasticsearchAws(false)
.elasticsearchAwsAccessKey("string")
.elasticsearchAwsRegion("string")
.elasticsearchAwsSecretAccessKey("string")
.elasticsearchIndexedFieldLengthLimit(0)
.elasticsearchIndexedFileSizeLimitKb(0)
.elasticsearchIndexing(false)
.elasticsearchLimitIndexing(false)
.elasticsearchMaxBulkConcurrency(0)
.elasticsearchMaxBulkSizeMb(0)
.elasticsearchNamespaceIds(0)
.elasticsearchPassword("string")
.elasticsearchProjectIds(0)
.elasticsearchSearch(false)
.elasticsearchUrls("string")
.elasticsearchUsername("string")
.emailAdditionalText("string")
.emailAuthorInBody(false)
.enabledGitAccessProtocol("string")
.enforceNamespaceStorageLimit(false)
.enforceTerms(false)
.externalAuthClientCert("string")
.externalAuthClientKey("string")
.externalAuthClientKeyPass("string")
.externalAuthorizationServiceDefaultLabel("string")
.externalAuthorizationServiceEnabled(false)
.externalAuthorizationServiceTimeout(0)
.externalAuthorizationServiceUrl("string")
.externalPipelineValidationServiceTimeout(0)
.externalPipelineValidationServiceToken("string")
.externalPipelineValidationServiceUrl("string")
.fileTemplateProjectId(0)
.firstDayOfWeek(0)
.geoNodeAllowedIps("string")
.geoStatusTimeout(0)
.gitRateLimitUsersAllowlists("string")
.gitTwoFactorSessionExpiry(0)
.gitalyTimeoutDefault(0)
.gitalyTimeoutFast(0)
.gitalyTimeoutMedium(0)
.grafanaEnabled(false)
.grafanaUrl("string")
.gravatarEnabled(false)
.groupOwnersCanManageDefaultBranchProtection(false)
.hashedStorageEnabled(false)
.helpPageHideCommercialContent(false)
.helpPageSupportUrl("string")
.helpPageText("string")
.helpText("string")
.hideThirdPartyOffers(false)
.homePageUrl("string")
.housekeepingEnabled(false)
.housekeepingOptimizeRepositoryPeriod(0)
.htmlEmailsEnabled(false)
.importSources("string")
.inProductMarketingEmailsEnabled(false)
.inactiveProjectsDeleteAfterMonths(0)
.inactiveProjectsMinSizeMb(0)
.inactiveProjectsSendWarningEmailAfterMonths(0)
.invisibleCaptchaEnabled(false)
.issuesCreateLimit(0)
.keepLatestArtifact(false)
.localMarkdownVersion(0)
.mailgunEventsEnabled(false)
.mailgunSigningKey("string")
.maintenanceMode(false)
.maintenanceModeMessage("string")
.maxArtifactsSize(0)
.maxAttachmentSize(0)
.maxExportSize(0)
.maxImportSize(0)
.maxNumberOfRepositoryDownloads(0)
.maxNumberOfRepositoryDownloadsWithinTimePeriod(0)
.maxPagesSize(0)
.maxPersonalAccessTokenLifetime(0)
.maxSshKeyLifetime(0)
.maxTerraformStateSizeBytes(0)
.metricsMethodCallThreshold(0)
.minimumPasswordLength(0)
.mirrorAvailable(false)
.mirrorCapacityThreshold(0)
.mirrorMaxCapacity(0)
.mirrorMaxDelay(0)
.npmPackageRequestsForwarding(false)
.outboundLocalRequestsWhitelists("string")
.packageRegistryCleanupPoliciesWorkerCapacity(0)
.pagesDomainVerificationEnabled(false)
.passwordAuthenticationEnabledForGit(false)
.passwordAuthenticationEnabledForWeb(false)
.passwordLowercaseRequired(false)
.passwordNumberRequired(false)
.passwordSymbolRequired(false)
.passwordUppercaseRequired(false)
.performanceBarAllowedGroupPath("string")
.personalAccessTokenPrefix("string")
.pipelineLimitPerProjectUserSha(0)
.plantumlEnabled(false)
.plantumlUrl("string")
.pollingIntervalMultiplier(0)
.projectExportEnabled(false)
.prometheusMetricsEnabled(false)
.protectedCiVariables(false)
.pushEventActivitiesLimit(0)
.pushEventHooksLimit(0)
.pypiPackageRequestsForwarding(false)
.rateLimitingResponseText("string")
.rawBlobRequestLimit(0)
.recaptchaEnabled(false)
.recaptchaPrivateKey("string")
.recaptchaSiteKey("string")
.receiveMaxInputSize(0)
.repositoryChecksEnabled(false)
.repositorySizeLimit(0)
.repositoryStorages("string")
.repositoryStoragesWeighted(Map.of("string", 0))
.requireAdminApprovalAfterUserSignup(false)
.requireTwoFactorAuthentication(false)
.restrictedVisibilityLevels("string")
.rsaKeyRestriction(0)
.searchRateLimit(0)
.searchRateLimitUnauthenticated(0)
.sendUserConfirmationEmail(false)
.sessionExpireDelay(0)
.sharedRunnersEnabled(false)
.sharedRunnersMinutes(0)
.sharedRunnersText("string")
.sidekiqJobLimiterCompressionThresholdBytes(0)
.sidekiqJobLimiterLimitBytes(0)
.sidekiqJobLimiterMode("string")
.signInText("string")
.signupEnabled(false)
.slackAppEnabled(false)
.slackAppId("string")
.slackAppSecret("string")
.slackAppSigningSecret("string")
.slackAppVerificationToken("string")
.snippetSizeLimit(0)
.snowplowAppId("string")
.snowplowCollectorHostname("string")
.snowplowCookieDomain("string")
.snowplowEnabled(false)
.sourcegraphEnabled(false)
.sourcegraphPublicOnly(false)
.sourcegraphUrl("string")
.spamCheckApiKey("string")
.spamCheckEndpointEnabled(false)
.spamCheckEndpointUrl("string")
.suggestPipelineEnabled(false)
.terminalMaxSessionTime(0)
.terms("string")
.throttleAuthenticatedApiEnabled(false)
.throttleAuthenticatedApiPeriodInSeconds(0)
.throttleAuthenticatedApiRequestsPerPeriod(0)
.throttleAuthenticatedPackagesApiEnabled(false)
.throttleAuthenticatedPackagesApiPeriodInSeconds(0)
.throttleAuthenticatedPackagesApiRequestsPerPeriod(0)
.throttleAuthenticatedWebEnabled(false)
.throttleAuthenticatedWebPeriodInSeconds(0)
.throttleAuthenticatedWebRequestsPerPeriod(0)
.throttleUnauthenticatedApiEnabled(false)
.throttleUnauthenticatedApiPeriodInSeconds(0)
.throttleUnauthenticatedApiRequestsPerPeriod(0)
.throttleUnauthenticatedPackagesApiEnabled(false)
.throttleUnauthenticatedPackagesApiPeriodInSeconds(0)
.throttleUnauthenticatedPackagesApiRequestsPerPeriod(0)
.throttleUnauthenticatedWebEnabled(false)
.throttleUnauthenticatedWebPeriodInSeconds(0)
.throttleUnauthenticatedWebRequestsPerPeriod(0)
.timeTrackingLimitToHours(false)
.twoFactorGracePeriod(0)
.uniqueIpsLimitEnabled(false)
.uniqueIpsLimitPerUser(0)
.uniqueIpsLimitTimeWindow(0)
.usagePingEnabled(false)
.userDeactivationEmailsEnabled(false)
.userDefaultExternal(false)
.userDefaultInternalRegex("string")
.userOauthApplications(false)
.userShowAddSshKeyMessage(false)
.versionCheckEnabled(false)
.webIdeClientsidePreviewEnabled(false)
.whatsNewVariant("string")
.wikiPageMaxContentBytes(0)
.build());
application_settings_resource = gitlab.ApplicationSettings("applicationSettingsResource",
abuse_notification_email="string",
admin_mode=False,
after_sign_out_path="string",
after_sign_up_text="string",
akismet_api_key="string",
akismet_enabled=False,
allow_account_deletion=False,
allow_group_owners_to_manage_ldap=False,
allow_local_requests_from_system_hooks=False,
allow_local_requests_from_web_hooks_and_services=False,
allow_project_creation_for_guest_and_below=False,
allow_runner_registration_token=False,
archive_builds_in_human_readable="string",
asciidoc_max_includes=0,
asset_proxy_allowlists=["string"],
asset_proxy_enabled=False,
asset_proxy_secret_key="string",
asset_proxy_url="string",
authorized_keys_enabled=False,
auto_ban_user_on_excessive_projects_download=False,
auto_devops_domain="string",
auto_devops_enabled=False,
automatic_purchased_storage_allocation=False,
bulk_import_concurrent_pipeline_batch_limit=0,
bulk_import_enabled=False,
bulk_import_max_download_file_size=0,
can_create_group=False,
check_namespace_plan=False,
ci_max_includes=0,
ci_max_total_yaml_size_bytes=0,
commit_email_hostname="string",
concurrent_bitbucket_import_jobs_limit=0,
concurrent_bitbucket_server_import_jobs_limit=0,
concurrent_github_import_jobs_limit=0,
container_expiration_policies_enable_historic_entries=False,
container_registry_cleanup_tags_service_max_list_size=0,
container_registry_delete_tags_service_timeout=0,
container_registry_expiration_policies_caching=False,
container_registry_expiration_policies_worker_capacity=0,
container_registry_token_expire_delay=0,
deactivate_dormant_users=False,
deactivate_dormant_users_period=0,
decompress_archive_file_timeout=0,
default_artifacts_expire_in="string",
default_branch_name="string",
default_branch_protection=0,
default_branch_protection_defaults=gitlab.ApplicationSettingsDefaultBranchProtectionDefaultsArgs(
allow_force_push=False,
allowed_to_merges=["any"],
allowed_to_pushes=["any"],
developer_can_initial_push=False,
),
default_ci_config_path="string",
default_group_visibility="string",
default_preferred_language="string",
default_project_creation=0,
default_project_visibility="string",
default_projects_limit=0,
default_snippet_visibility="string",
default_syntax_highlighting_theme=0,
delete_inactive_projects=False,
delete_unconfirmed_users=False,
deletion_adjourned_period=0,
diagramsnet_enabled=False,
diagramsnet_url="string",
diff_max_files=0,
diff_max_lines=0,
diff_max_patch_bytes=0,
disable_admin_oauth_scopes=False,
disable_feed_token=False,
disable_personal_access_tokens=False,
disabled_oauth_sign_in_sources=["string"],
dns_rebinding_protection_enabled=False,
domain_allowlists=["string"],
domain_denylist_enabled=False,
domain_denylists=["string"],
downstream_pipeline_trigger_limit_per_project_user_sha=0,
dsa_key_restriction=0,
duo_features_enabled=False,
ecdsa_key_restriction=0,
ecdsa_sk_key_restriction=0,
ed25519_key_restriction=0,
ed25519_sk_key_restriction=0,
eks_access_key_id="string",
eks_account_id="string",
eks_integration_enabled=False,
eks_secret_access_key="string",
elasticsearch_aws=False,
elasticsearch_aws_access_key="string",
elasticsearch_aws_region="string",
elasticsearch_aws_secret_access_key="string",
elasticsearch_indexed_field_length_limit=0,
elasticsearch_indexed_file_size_limit_kb=0,
elasticsearch_indexing=False,
elasticsearch_limit_indexing=False,
elasticsearch_max_bulk_concurrency=0,
elasticsearch_max_bulk_size_mb=0,
elasticsearch_namespace_ids=[0],
elasticsearch_password="string",
elasticsearch_project_ids=[0],
elasticsearch_search=False,
elasticsearch_urls=["string"],
elasticsearch_username="string",
email_additional_text="string",
email_author_in_body=False,
enabled_git_access_protocol="string",
enforce_namespace_storage_limit=False,
enforce_terms=False,
external_auth_client_cert="string",
external_auth_client_key="string",
external_auth_client_key_pass="string",
external_authorization_service_default_label="string",
external_authorization_service_enabled=False,
external_authorization_service_timeout=0,
external_authorization_service_url="string",
external_pipeline_validation_service_timeout=0,
external_pipeline_validation_service_token="string",
external_pipeline_validation_service_url="string",
file_template_project_id=0,
first_day_of_week=0,
geo_node_allowed_ips="string",
geo_status_timeout=0,
git_rate_limit_users_allowlists=["string"],
git_two_factor_session_expiry=0,
gitaly_timeout_default=0,
gitaly_timeout_fast=0,
gitaly_timeout_medium=0,
grafana_enabled=False,
grafana_url="string",
gravatar_enabled=False,
group_owners_can_manage_default_branch_protection=False,
hashed_storage_enabled=False,
help_page_hide_commercial_content=False,
help_page_support_url="string",
help_page_text="string",
help_text="string",
hide_third_party_offers=False,
home_page_url="string",
housekeeping_enabled=False,
housekeeping_optimize_repository_period=0,
html_emails_enabled=False,
import_sources=["string"],
in_product_marketing_emails_enabled=False,
inactive_projects_delete_after_months=0,
inactive_projects_min_size_mb=0,
inactive_projects_send_warning_email_after_months=0,
invisible_captcha_enabled=False,
issues_create_limit=0,
keep_latest_artifact=False,
local_markdown_version=0,
mailgun_events_enabled=False,
mailgun_signing_key="string",
maintenance_mode=False,
maintenance_mode_message="string",
max_artifacts_size=0,
max_attachment_size=0,
max_export_size=0,
max_import_size=0,
max_number_of_repository_downloads=0,
max_number_of_repository_downloads_within_time_period=0,
max_pages_size=0,
max_personal_access_token_lifetime=0,
max_ssh_key_lifetime=0,
max_terraform_state_size_bytes=0,
metrics_method_call_threshold=0,
minimum_password_length=0,
mirror_available=False,
mirror_capacity_threshold=0,
mirror_max_capacity=0,
mirror_max_delay=0,
npm_package_requests_forwarding=False,
outbound_local_requests_whitelists=["string"],
package_registry_cleanup_policies_worker_capacity=0,
pages_domain_verification_enabled=False,
password_authentication_enabled_for_git=False,
password_authentication_enabled_for_web=False,
password_lowercase_required=False,
password_number_required=False,
password_symbol_required=False,
password_uppercase_required=False,
performance_bar_allowed_group_path="string",
personal_access_token_prefix="string",
pipeline_limit_per_project_user_sha=0,
plantuml_enabled=False,
plantuml_url="string",
polling_interval_multiplier=0,
project_export_enabled=False,
prometheus_metrics_enabled=False,
protected_ci_variables=False,
push_event_activities_limit=0,
push_event_hooks_limit=0,
pypi_package_requests_forwarding=False,
rate_limiting_response_text="string",
raw_blob_request_limit=0,
recaptcha_enabled=False,
recaptcha_private_key="string",
recaptcha_site_key="string",
receive_max_input_size=0,
repository_checks_enabled=False,
repository_size_limit=0,
repository_storages=["string"],
repository_storages_weighted={
"string": 0,
},
require_admin_approval_after_user_signup=False,
require_two_factor_authentication=False,
restricted_visibility_levels=["string"],
rsa_key_restriction=0,
search_rate_limit=0,
search_rate_limit_unauthenticated=0,
send_user_confirmation_email=False,
session_expire_delay=0,
shared_runners_enabled=False,
shared_runners_minutes=0,
shared_runners_text="string",
sidekiq_job_limiter_compression_threshold_bytes=0,
sidekiq_job_limiter_limit_bytes=0,
sidekiq_job_limiter_mode="string",
sign_in_text="string",
signup_enabled=False,
slack_app_enabled=False,
slack_app_id="string",
slack_app_secret="string",
slack_app_signing_secret="string",
slack_app_verification_token="string",
snippet_size_limit=0,
snowplow_app_id="string",
snowplow_collector_hostname="string",
snowplow_cookie_domain="string",
snowplow_enabled=False,
sourcegraph_enabled=False,
sourcegraph_public_only=False,
sourcegraph_url="string",
spam_check_api_key="string",
spam_check_endpoint_enabled=False,
spam_check_endpoint_url="string",
suggest_pipeline_enabled=False,
terminal_max_session_time=0,
terms="string",
throttle_authenticated_api_enabled=False,
throttle_authenticated_api_period_in_seconds=0,
throttle_authenticated_api_requests_per_period=0,
throttle_authenticated_packages_api_enabled=False,
throttle_authenticated_packages_api_period_in_seconds=0,
throttle_authenticated_packages_api_requests_per_period=0,
throttle_authenticated_web_enabled=False,
throttle_authenticated_web_period_in_seconds=0,
throttle_authenticated_web_requests_per_period=0,
throttle_unauthenticated_api_enabled=False,
throttle_unauthenticated_api_period_in_seconds=0,
throttle_unauthenticated_api_requests_per_period=0,
throttle_unauthenticated_packages_api_enabled=False,
throttle_unauthenticated_packages_api_period_in_seconds=0,
throttle_unauthenticated_packages_api_requests_per_period=0,
throttle_unauthenticated_web_enabled=False,
throttle_unauthenticated_web_period_in_seconds=0,
throttle_unauthenticated_web_requests_per_period=0,
time_tracking_limit_to_hours=False,
two_factor_grace_period=0,
unique_ips_limit_enabled=False,
unique_ips_limit_per_user=0,
unique_ips_limit_time_window=0,
usage_ping_enabled=False,
user_deactivation_emails_enabled=False,
user_default_external=False,
user_default_internal_regex="string",
user_oauth_applications=False,
user_show_add_ssh_key_message=False,
version_check_enabled=False,
web_ide_clientside_preview_enabled=False,
whats_new_variant="string",
wiki_page_max_content_bytes=0)
const applicationSettingsResource = new gitlab.ApplicationSettings("applicationSettingsResource", {
abuseNotificationEmail: "string",
adminMode: false,
afterSignOutPath: "string",
afterSignUpText: "string",
akismetApiKey: "string",
akismetEnabled: false,
allowAccountDeletion: false,
allowGroupOwnersToManageLdap: false,
allowLocalRequestsFromSystemHooks: false,
allowLocalRequestsFromWebHooksAndServices: false,
allowProjectCreationForGuestAndBelow: false,
allowRunnerRegistrationToken: false,
archiveBuildsInHumanReadable: "string",
asciidocMaxIncludes: 0,
assetProxyAllowlists: ["string"],
assetProxyEnabled: false,
assetProxySecretKey: "string",
assetProxyUrl: "string",
authorizedKeysEnabled: false,
autoBanUserOnExcessiveProjectsDownload: false,
autoDevopsDomain: "string",
autoDevopsEnabled: false,
automaticPurchasedStorageAllocation: false,
bulkImportConcurrentPipelineBatchLimit: 0,
bulkImportEnabled: false,
bulkImportMaxDownloadFileSize: 0,
canCreateGroup: false,
checkNamespacePlan: false,
ciMaxIncludes: 0,
ciMaxTotalYamlSizeBytes: 0,
commitEmailHostname: "string",
concurrentBitbucketImportJobsLimit: 0,
concurrentBitbucketServerImportJobsLimit: 0,
concurrentGithubImportJobsLimit: 0,
containerExpirationPoliciesEnableHistoricEntries: false,
containerRegistryCleanupTagsServiceMaxListSize: 0,
containerRegistryDeleteTagsServiceTimeout: 0,
containerRegistryExpirationPoliciesCaching: false,
containerRegistryExpirationPoliciesWorkerCapacity: 0,
containerRegistryTokenExpireDelay: 0,
deactivateDormantUsers: false,
deactivateDormantUsersPeriod: 0,
decompressArchiveFileTimeout: 0,
defaultArtifactsExpireIn: "string",
defaultBranchName: "string",
defaultBranchProtection: 0,
defaultBranchProtectionDefaults: {
allowForcePush: false,
allowedToMerges: ["any"],
allowedToPushes: ["any"],
developerCanInitialPush: false,
},
defaultCiConfigPath: "string",
defaultGroupVisibility: "string",
defaultPreferredLanguage: "string",
defaultProjectCreation: 0,
defaultProjectVisibility: "string",
defaultProjectsLimit: 0,
defaultSnippetVisibility: "string",
defaultSyntaxHighlightingTheme: 0,
deleteInactiveProjects: false,
deleteUnconfirmedUsers: false,
deletionAdjournedPeriod: 0,
diagramsnetEnabled: false,
diagramsnetUrl: "string",
diffMaxFiles: 0,
diffMaxLines: 0,
diffMaxPatchBytes: 0,
disableAdminOauthScopes: false,
disableFeedToken: false,
disablePersonalAccessTokens: false,
disabledOauthSignInSources: ["string"],
dnsRebindingProtectionEnabled: false,
domainAllowlists: ["string"],
domainDenylistEnabled: false,
domainDenylists: ["string"],
downstreamPipelineTriggerLimitPerProjectUserSha: 0,
dsaKeyRestriction: 0,
duoFeaturesEnabled: false,
ecdsaKeyRestriction: 0,
ecdsaSkKeyRestriction: 0,
ed25519KeyRestriction: 0,
ed25519SkKeyRestriction: 0,
eksAccessKeyId: "string",
eksAccountId: "string",
eksIntegrationEnabled: false,
eksSecretAccessKey: "string",
elasticsearchAws: false,
elasticsearchAwsAccessKey: "string",
elasticsearchAwsRegion: "string",
elasticsearchAwsSecretAccessKey: "string",
elasticsearchIndexedFieldLengthLimit: 0,
elasticsearchIndexedFileSizeLimitKb: 0,
elasticsearchIndexing: false,
elasticsearchLimitIndexing: false,
elasticsearchMaxBulkConcurrency: 0,
elasticsearchMaxBulkSizeMb: 0,
elasticsearchNamespaceIds: [0],
elasticsearchPassword: "string",
elasticsearchProjectIds: [0],
elasticsearchSearch: false,
elasticsearchUrls: ["string"],
elasticsearchUsername: "string",
emailAdditionalText: "string",
emailAuthorInBody: false,
enabledGitAccessProtocol: "string",
enforceNamespaceStorageLimit: false,
enforceTerms: false,
externalAuthClientCert: "string",
externalAuthClientKey: "string",
externalAuthClientKeyPass: "string",
externalAuthorizationServiceDefaultLabel: "string",
externalAuthorizationServiceEnabled: false,
externalAuthorizationServiceTimeout: 0,
externalAuthorizationServiceUrl: "string",
externalPipelineValidationServiceTimeout: 0,
externalPipelineValidationServiceToken: "string",
externalPipelineValidationServiceUrl: "string",
fileTemplateProjectId: 0,
firstDayOfWeek: 0,
geoNodeAllowedIps: "string",
geoStatusTimeout: 0,
gitRateLimitUsersAllowlists: ["string"],
gitTwoFactorSessionExpiry: 0,
gitalyTimeoutDefault: 0,
gitalyTimeoutFast: 0,
gitalyTimeoutMedium: 0,
grafanaEnabled: false,
grafanaUrl: "string",
gravatarEnabled: false,
groupOwnersCanManageDefaultBranchProtection: false,
hashedStorageEnabled: false,
helpPageHideCommercialContent: false,
helpPageSupportUrl: "string",
helpPageText: "string",
helpText: "string",
hideThirdPartyOffers: false,
homePageUrl: "string",
housekeepingEnabled: false,
housekeepingOptimizeRepositoryPeriod: 0,
htmlEmailsEnabled: false,
importSources: ["string"],
inProductMarketingEmailsEnabled: false,
inactiveProjectsDeleteAfterMonths: 0,
inactiveProjectsMinSizeMb: 0,
inactiveProjectsSendWarningEmailAfterMonths: 0,
invisibleCaptchaEnabled: false,
issuesCreateLimit: 0,
keepLatestArtifact: false,
localMarkdownVersion: 0,
mailgunEventsEnabled: false,
mailgunSigningKey: "string",
maintenanceMode: false,
maintenanceModeMessage: "string",
maxArtifactsSize: 0,
maxAttachmentSize: 0,
maxExportSize: 0,
maxImportSize: 0,
maxNumberOfRepositoryDownloads: 0,
maxNumberOfRepositoryDownloadsWithinTimePeriod: 0,
maxPagesSize: 0,
maxPersonalAccessTokenLifetime: 0,
maxSshKeyLifetime: 0,
maxTerraformStateSizeBytes: 0,
metricsMethodCallThreshold: 0,
minimumPasswordLength: 0,
mirrorAvailable: false,
mirrorCapacityThreshold: 0,
mirrorMaxCapacity: 0,
mirrorMaxDelay: 0,
npmPackageRequestsForwarding: false,
outboundLocalRequestsWhitelists: ["string"],
packageRegistryCleanupPoliciesWorkerCapacity: 0,
pagesDomainVerificationEnabled: false,
passwordAuthenticationEnabledForGit: false,
passwordAuthenticationEnabledForWeb: false,
passwordLowercaseRequired: false,
passwordNumberRequired: false,
passwordSymbolRequired: false,
passwordUppercaseRequired: false,
performanceBarAllowedGroupPath: "string",
personalAccessTokenPrefix: "string",
pipelineLimitPerProjectUserSha: 0,
plantumlEnabled: false,
plantumlUrl: "string",
pollingIntervalMultiplier: 0,
projectExportEnabled: false,
prometheusMetricsEnabled: false,
protectedCiVariables: false,
pushEventActivitiesLimit: 0,
pushEventHooksLimit: 0,
pypiPackageRequestsForwarding: false,
rateLimitingResponseText: "string",
rawBlobRequestLimit: 0,
recaptchaEnabled: false,
recaptchaPrivateKey: "string",
recaptchaSiteKey: "string",
receiveMaxInputSize: 0,
repositoryChecksEnabled: false,
repositorySizeLimit: 0,
repositoryStorages: ["string"],
repositoryStoragesWeighted: {
string: 0,
},
requireAdminApprovalAfterUserSignup: false,
requireTwoFactorAuthentication: false,
restrictedVisibilityLevels: ["string"],
rsaKeyRestriction: 0,
searchRateLimit: 0,
searchRateLimitUnauthenticated: 0,
sendUserConfirmationEmail: false,
sessionExpireDelay: 0,
sharedRunnersEnabled: false,
sharedRunnersMinutes: 0,
sharedRunnersText: "string",
sidekiqJobLimiterCompressionThresholdBytes: 0,
sidekiqJobLimiterLimitBytes: 0,
sidekiqJobLimiterMode: "string",
signInText: "string",
signupEnabled: false,
slackAppEnabled: false,
slackAppId: "string",
slackAppSecret: "string",
slackAppSigningSecret: "string",
slackAppVerificationToken: "string",
snippetSizeLimit: 0,
snowplowAppId: "string",
snowplowCollectorHostname: "string",
snowplowCookieDomain: "string",
snowplowEnabled: false,
sourcegraphEnabled: false,
sourcegraphPublicOnly: false,
sourcegraphUrl: "string",
spamCheckApiKey: "string",
spamCheckEndpointEnabled: false,
spamCheckEndpointUrl: "string",
suggestPipelineEnabled: false,
terminalMaxSessionTime: 0,
terms: "string",
throttleAuthenticatedApiEnabled: false,
throttleAuthenticatedApiPeriodInSeconds: 0,
throttleAuthenticatedApiRequestsPerPeriod: 0,
throttleAuthenticatedPackagesApiEnabled: false,
throttleAuthenticatedPackagesApiPeriodInSeconds: 0,
throttleAuthenticatedPackagesApiRequestsPerPeriod: 0,
throttleAuthenticatedWebEnabled: false,
throttleAuthenticatedWebPeriodInSeconds: 0,
throttleAuthenticatedWebRequestsPerPeriod: 0,
throttleUnauthenticatedApiEnabled: false,
throttleUnauthenticatedApiPeriodInSeconds: 0,
throttleUnauthenticatedApiRequestsPerPeriod: 0,
throttleUnauthenticatedPackagesApiEnabled: false,
throttleUnauthenticatedPackagesApiPeriodInSeconds: 0,
throttleUnauthenticatedPackagesApiRequestsPerPeriod: 0,
throttleUnauthenticatedWebEnabled: false,
throttleUnauthenticatedWebPeriodInSeconds: 0,
throttleUnauthenticatedWebRequestsPerPeriod: 0,
timeTrackingLimitToHours: false,
twoFactorGracePeriod: 0,
uniqueIpsLimitEnabled: false,
uniqueIpsLimitPerUser: 0,
uniqueIpsLimitTimeWindow: 0,
usagePingEnabled: false,
userDeactivationEmailsEnabled: false,
userDefaultExternal: false,
userDefaultInternalRegex: "string",
userOauthApplications: false,
userShowAddSshKeyMessage: false,
versionCheckEnabled: false,
webIdeClientsidePreviewEnabled: false,
whatsNewVariant: "string",
wikiPageMaxContentBytes: 0,
});
type: gitlab:ApplicationSettings
properties:
abuseNotificationEmail: string
adminMode: false
afterSignOutPath: string
afterSignUpText: string
akismetApiKey: string
akismetEnabled: false
allowAccountDeletion: false
allowGroupOwnersToManageLdap: false
allowLocalRequestsFromSystemHooks: false
allowLocalRequestsFromWebHooksAndServices: false
allowProjectCreationForGuestAndBelow: false
allowRunnerRegistrationToken: false
archiveBuildsInHumanReadable: string
asciidocMaxIncludes: 0
assetProxyAllowlists:
- string
assetProxyEnabled: false
assetProxySecretKey: string
assetProxyUrl: string
authorizedKeysEnabled: false
autoBanUserOnExcessiveProjectsDownload: false
autoDevopsDomain: string
autoDevopsEnabled: false
automaticPurchasedStorageAllocation: false
bulkImportConcurrentPipelineBatchLimit: 0
bulkImportEnabled: false
bulkImportMaxDownloadFileSize: 0
canCreateGroup: false
checkNamespacePlan: false
ciMaxIncludes: 0
ciMaxTotalYamlSizeBytes: 0
commitEmailHostname: string
concurrentBitbucketImportJobsLimit: 0
concurrentBitbucketServerImportJobsLimit: 0
concurrentGithubImportJobsLimit: 0
containerExpirationPoliciesEnableHistoricEntries: false
containerRegistryCleanupTagsServiceMaxListSize: 0
containerRegistryDeleteTagsServiceTimeout: 0
containerRegistryExpirationPoliciesCaching: false
containerRegistryExpirationPoliciesWorkerCapacity: 0
containerRegistryTokenExpireDelay: 0
deactivateDormantUsers: false
deactivateDormantUsersPeriod: 0
decompressArchiveFileTimeout: 0
defaultArtifactsExpireIn: string
defaultBranchName: string
defaultBranchProtection: 0
defaultBranchProtectionDefaults:
allowForcePush: false
allowedToMerges:
- any
allowedToPushes:
- any
developerCanInitialPush: false
defaultCiConfigPath: string
defaultGroupVisibility: string
defaultPreferredLanguage: string
defaultProjectCreation: 0
defaultProjectVisibility: string
defaultProjectsLimit: 0
defaultSnippetVisibility: string
defaultSyntaxHighlightingTheme: 0
deleteInactiveProjects: false
deleteUnconfirmedUsers: false
deletionAdjournedPeriod: 0
diagramsnetEnabled: false
diagramsnetUrl: string
diffMaxFiles: 0
diffMaxLines: 0
diffMaxPatchBytes: 0
disableAdminOauthScopes: false
disableFeedToken: false
disablePersonalAccessTokens: false
disabledOauthSignInSources:
- string
dnsRebindingProtectionEnabled: false
domainAllowlists:
- string
domainDenylistEnabled: false
domainDenylists:
- string
downstreamPipelineTriggerLimitPerProjectUserSha: 0
dsaKeyRestriction: 0
duoFeaturesEnabled: false
ecdsaKeyRestriction: 0
ecdsaSkKeyRestriction: 0
ed25519KeyRestriction: 0
ed25519SkKeyRestriction: 0
eksAccessKeyId: string
eksAccountId: string
eksIntegrationEnabled: false
eksSecretAccessKey: string
elasticsearchAws: false
elasticsearchAwsAccessKey: string
elasticsearchAwsRegion: string
elasticsearchAwsSecretAccessKey: string
elasticsearchIndexedFieldLengthLimit: 0
elasticsearchIndexedFileSizeLimitKb: 0
elasticsearchIndexing: false
elasticsearchLimitIndexing: false
elasticsearchMaxBulkConcurrency: 0
elasticsearchMaxBulkSizeMb: 0
elasticsearchNamespaceIds:
- 0
elasticsearchPassword: string
elasticsearchProjectIds:
- 0
elasticsearchSearch: false
elasticsearchUrls:
- string
elasticsearchUsername: string
emailAdditionalText: string
emailAuthorInBody: false
enabledGitAccessProtocol: string
enforceNamespaceStorageLimit: false
enforceTerms: false
externalAuthClientCert: string
externalAuthClientKey: string
externalAuthClientKeyPass: string
externalAuthorizationServiceDefaultLabel: string
externalAuthorizationServiceEnabled: false
externalAuthorizationServiceTimeout: 0
externalAuthorizationServiceUrl: string
externalPipelineValidationServiceTimeout: 0
externalPipelineValidationServiceToken: string
externalPipelineValidationServiceUrl: string
fileTemplateProjectId: 0
firstDayOfWeek: 0
geoNodeAllowedIps: string
geoStatusTimeout: 0
gitRateLimitUsersAllowlists:
- string
gitTwoFactorSessionExpiry: 0
gitalyTimeoutDefault: 0
gitalyTimeoutFast: 0
gitalyTimeoutMedium: 0
grafanaEnabled: false
grafanaUrl: string
gravatarEnabled: false
groupOwnersCanManageDefaultBranchProtection: false
hashedStorageEnabled: false
helpPageHideCommercialContent: false
helpPageSupportUrl: string
helpPageText: string
helpText: string
hideThirdPartyOffers: false
homePageUrl: string
housekeepingEnabled: false
housekeepingOptimizeRepositoryPeriod: 0
htmlEmailsEnabled: false
importSources:
- string
inProductMarketingEmailsEnabled: false
inactiveProjectsDeleteAfterMonths: 0
inactiveProjectsMinSizeMb: 0
inactiveProjectsSendWarningEmailAfterMonths: 0
invisibleCaptchaEnabled: false
issuesCreateLimit: 0
keepLatestArtifact: false
localMarkdownVersion: 0
mailgunEventsEnabled: false
mailgunSigningKey: string
maintenanceMode: false
maintenanceModeMessage: string
maxArtifactsSize: 0
maxAttachmentSize: 0
maxExportSize: 0
maxImportSize: 0
maxNumberOfRepositoryDownloads: 0
maxNumberOfRepositoryDownloadsWithinTimePeriod: 0
maxPagesSize: 0
maxPersonalAccessTokenLifetime: 0
maxSshKeyLifetime: 0
maxTerraformStateSizeBytes: 0
metricsMethodCallThreshold: 0
minimumPasswordLength: 0
mirrorAvailable: false
mirrorCapacityThreshold: 0
mirrorMaxCapacity: 0
mirrorMaxDelay: 0
npmPackageRequestsForwarding: false
outboundLocalRequestsWhitelists:
- string
packageRegistryCleanupPoliciesWorkerCapacity: 0
pagesDomainVerificationEnabled: false
passwordAuthenticationEnabledForGit: false
passwordAuthenticationEnabledForWeb: false
passwordLowercaseRequired: false
passwordNumberRequired: false
passwordSymbolRequired: false
passwordUppercaseRequired: false
performanceBarAllowedGroupPath: string
personalAccessTokenPrefix: string
pipelineLimitPerProjectUserSha: 0
plantumlEnabled: false
plantumlUrl: string
pollingIntervalMultiplier: 0
projectExportEnabled: false
prometheusMetricsEnabled: false
protectedCiVariables: false
pushEventActivitiesLimit: 0
pushEventHooksLimit: 0
pypiPackageRequestsForwarding: false
rateLimitingResponseText: string
rawBlobRequestLimit: 0
recaptchaEnabled: false
recaptchaPrivateKey: string
recaptchaSiteKey: string
receiveMaxInputSize: 0
repositoryChecksEnabled: false
repositorySizeLimit: 0
repositoryStorages:
- string
repositoryStoragesWeighted:
string: 0
requireAdminApprovalAfterUserSignup: false
requireTwoFactorAuthentication: false
restrictedVisibilityLevels:
- string
rsaKeyRestriction: 0
searchRateLimit: 0
searchRateLimitUnauthenticated: 0
sendUserConfirmationEmail: false
sessionExpireDelay: 0
sharedRunnersEnabled: false
sharedRunnersMinutes: 0
sharedRunnersText: string
sidekiqJobLimiterCompressionThresholdBytes: 0
sidekiqJobLimiterLimitBytes: 0
sidekiqJobLimiterMode: string
signInText: string
signupEnabled: false
slackAppEnabled: false
slackAppId: string
slackAppSecret: string
slackAppSigningSecret: string
slackAppVerificationToken: string
snippetSizeLimit: 0
snowplowAppId: string
snowplowCollectorHostname: string
snowplowCookieDomain: string
snowplowEnabled: false
sourcegraphEnabled: false
sourcegraphPublicOnly: false
sourcegraphUrl: string
spamCheckApiKey: string
spamCheckEndpointEnabled: false
spamCheckEndpointUrl: string
suggestPipelineEnabled: false
terminalMaxSessionTime: 0
terms: string
throttleAuthenticatedApiEnabled: false
throttleAuthenticatedApiPeriodInSeconds: 0
throttleAuthenticatedApiRequestsPerPeriod: 0
throttleAuthenticatedPackagesApiEnabled: false
throttleAuthenticatedPackagesApiPeriodInSeconds: 0
throttleAuthenticatedPackagesApiRequestsPerPeriod: 0
throttleAuthenticatedWebEnabled: false
throttleAuthenticatedWebPeriodInSeconds: 0
throttleAuthenticatedWebRequestsPerPeriod: 0
throttleUnauthenticatedApiEnabled: false
throttleUnauthenticatedApiPeriodInSeconds: 0
throttleUnauthenticatedApiRequestsPerPeriod: 0
throttleUnauthenticatedPackagesApiEnabled: false
throttleUnauthenticatedPackagesApiPeriodInSeconds: 0
throttleUnauthenticatedPackagesApiRequestsPerPeriod: 0
throttleUnauthenticatedWebEnabled: false
throttleUnauthenticatedWebPeriodInSeconds: 0
throttleUnauthenticatedWebRequestsPerPeriod: 0
timeTrackingLimitToHours: false
twoFactorGracePeriod: 0
uniqueIpsLimitEnabled: false
uniqueIpsLimitPerUser: 0
uniqueIpsLimitTimeWindow: 0
usagePingEnabled: false
userDeactivationEmailsEnabled: false
userDefaultExternal: false
userDefaultInternalRegex: string
userOauthApplications: false
userShowAddSshKeyMessage: false
versionCheckEnabled: false
webIdeClientsidePreviewEnabled: false
whatsNewVariant: string
wikiPageMaxContentBytes: 0
ApplicationSettings Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ApplicationSettings resource accepts the following input properties:
- Abuse
Notification stringEmail - If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
- Admin
Mode bool - Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
- After
Sign stringOut Path - Where to redirect users after logout.
- After
Sign stringUp Text - Text shown to the user after signing up.
- string
- API key for Akismet spam protection.
- bool
- (If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
- Allow
Account boolDeletion - Set to true to allow users to delete their accounts. Premium and Ultimate only.
- Allow
Group boolOwners To Manage Ldap - Set to true to allow group owners to manage LDAP.
- Allow
Local boolRequests From System Hooks - Allow requests to the local network from system hooks.
- Allow
Local boolRequests From Web Hooks And Services - Allow requests to the local network from web hooks and services.
- Allow
Project boolCreation For Guest And Below - Indicates whether users assigned up to the Guest role can create groups and personal projects.
- Allow
Runner boolRegistration Token - Allow using a registration token to create a runner.
- Archive
Builds stringIn Human Readable - Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
- Asciidoc
Max intIncludes - Maximum limit of AsciiDoc include directives being processed in any one document. Maximum: 64.
- Asset
Proxy List<string>Allowlists - Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
- Asset
Proxy boolEnabled - (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
- Asset
Proxy stringSecret Key - Shared secret with the asset proxy server. GitLab restart is required to apply changes.
- Asset
Proxy stringUrl - URL of the asset proxy server. GitLab restart is required to apply changes.
- bool
- By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
- Auto
Ban boolUser On Excessive Projects Download - When enabled, users will get automatically banned from the application when they download more than the maximum number of unique projects in the time period specified by maxnumberofrepositorydownloads and maxnumberofrepositorydownloadswithintime_period respectively. Introduced in GitLab 15.4. Self-managed, Ultimate only.
- Auto
Devops stringDomain - Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
- Auto
Devops boolEnabled - Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
- Automatic
Purchased boolStorage Allocation - Enabling this permits automatic allocation of purchased storage in a namespace.
- Bulk
Import intConcurrent Pipeline Batch Limit - Maximum simultaneous Direct Transfer batches to process.
- Bulk
Import boolEnabled - Enable migrating GitLab groups by direct transfer. Introduced in GitLab 15.8.
- Bulk
Import intMax Download File Size - Maximum download file size when importing from source GitLab instances by direct transfer. Introduced in GitLab 16.3.
- Can
Create boolGroup - Indicates whether users can create top-level groups. Introduced in GitLab 15.5.
- Check
Namespace boolPlan - Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
- Ci
Max intIncludes - The maximum number of includes per pipeline.
- Ci
Max intTotal Yaml Size Bytes - The maximum amount of memory, in bytes, that can be allocated for the pipeline configuration, with all included YAML configuration files.
- Commit
Email stringHostname - Custom hostname (for private commit emails).
- Concurrent
Bitbucket intImport Jobs Limit - Maximum number of simultaneous import jobs for the Bitbucket Cloud importer. Introduced in GitLab 16.11.
- Concurrent
Bitbucket intServer Import Jobs Limit - Maximum number of simultaneous import jobs for the Bitbucket Server importer. Introduced in GitLab 16.11.
- Concurrent
Github intImport Jobs Limit - Maximum number of simultaneous import jobs for the GitHub importer. Introduced in GitLab 16.11.
- Container
Expiration boolPolicies Enable Historic Entries - Enable cleanup policies for all projects.
- int
- The maximum number of tags that can be deleted in a single execution of cleanup policies.
- int
- The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
- Container
Registry boolExpiration Policies Caching - Caching during the execution of cleanup policies.
- Container
Registry intExpiration Policies Worker Capacity - Number of workers for cleanup policies.
- Container
Registry intToken Expire Delay - Container Registry token duration in minutes.
- Deactivate
Dormant boolUsers - Enable automatic deactivation of dormant users.
- Deactivate
Dormant intUsers Period - Length of time (in days) after which a user is considered dormant. Introduced in GitLab 15.3.
- Decompress
Archive intFile Timeout - Default timeout for decompressing archived files, in seconds. Set to 0 to disable timeouts. Introduced in GitLab 16.4.
- Default
Artifacts stringExpire In - Set the default expiration time for each job’s artifacts.
- Default
Branch stringName - Instance-level custom initial branch name (introduced in GitLab 13.2).
- Default
Branch intProtection - Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
- Default
Branch Pulumi.Protection Defaults Git Lab. Inputs. Application Settings Default Branch Protection Defaults - The defaultbranchprotection*defaults attribute describes the default branch protection defaults. All parameters are optional.
- Default
Ci stringConfig Path - Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
- Default
Group stringVisibility - What visibility level new groups receive. Can take private, internal and public as a parameter.
- Default
Preferred stringLanguage - Default preferred language for users who are not logged in.
- Default
Project intCreation - Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
- Default
Project stringVisibility - What visibility level new projects receive. Can take private, internal and public as a parameter.
- Default
Projects intLimit - Project limit per user.
- Default
Snippet stringVisibility - What visibility level new snippets receive. Can take private, internal and public as a parameter.
- Default
Syntax intHighlighting Theme - Default syntax highlighting theme for users who are new or not signed in. See IDs of available themes (https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/themes.rb#L16)
- Delete
Inactive boolProjects - Enable inactive project deletion feature. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion).
- Delete
Unconfirmed boolUsers - Specifies whether users who have not confirmed their email should be deleted. When set to true, unconfirmed users are deleted after unconfirmedusersdeleteafterdays days. Introduced in GitLab 16.1. Self-managed, Premium and Ultimate only.
- Deletion
Adjourned intPeriod - The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90.
- Diagramsnet
Enabled bool - (If enabled, requires diagramsnet_url) Enable Diagrams.net integration.
- Diagramsnet
Url string - The Diagrams.net instance URL for integration.
- Diff
Max intFiles - Maximum files in a diff.
- Diff
Max intLines - Maximum lines in a diff.
- Diff
Max intPatch Bytes - Maximum diff patch size, in bytes.
- Disable
Admin boolOauth Scopes - Stops administrators from connecting their GitLab accounts to non-trusted OAuth 2.0 applications that have the api, readapi, readrepository, writerepository, readregistry, write_registry, or sudo scopes. Introduced in GitLab 15.6.
- Disable
Feed boolToken - Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
- Disable
Personal boolAccess Tokens - Disable personal access tokens. Introduced in GitLab 15.7. Self-managed, Premium and Ultimate only. There is no method available to enable a personal access token that’s been disabled through the API. This is a known issue.
- Disabled
Oauth List<string>Sign In Sources - Disabled OAuth sign-in sources.
- Dns
Rebinding boolProtection Enabled - Enforce DNS rebinding attack protection.
- Domain
Allowlists List<string> - Force people to use only corporate emails for sign-up. Null means there is no restriction.
- Domain
Denylist boolEnabled - (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
- Domain
Denylists List<string> - Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
- Downstream
Pipeline intTrigger Limit Per Project User Sha - Maximum downstream pipeline trigger rate. Introduced in GitLab 16.10.
- Dsa
Key intRestriction - The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys.
- Duo
Features boolEnabled - Indicates whether GitLab Duo features are enabled for this instance. Introduced in GitLab 16.10. Self-managed, Premium and Ultimate only.
- Ecdsa
Key intRestriction - The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys.
- Ecdsa
Sk intKey Restriction - The minimum allowed curve size (in bits) of an uploaded ECDSASK key. 0 means no restriction. -1 disables ECDSASK keys.
- Ed25519Key
Restriction int - The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys.
- Ed25519Sk
Key intRestriction - The minimum allowed curve size (in bits) of an uploaded ED25519SK key. 0 means no restriction. -1 disables ED25519SK keys.
- Eks
Access stringKey Id - AWS IAM access key ID.
- Eks
Account stringId - Amazon account ID.
- Eks
Integration boolEnabled - Enable integration with Amazon EKS.
- Eks
Secret stringAccess Key - AWS IAM secret access key.
- Elasticsearch
Aws bool - Enable the use of AWS hosted Elasticsearch.
- Elasticsearch
Aws stringAccess Key - AWS IAM access key.
- Elasticsearch
Aws stringRegion - The AWS region the Elasticsearch domain is configured.
- Elasticsearch
Aws stringSecret Access Key - AWS IAM secret access key.
- Elasticsearch
Indexed intField Length Limit - Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
- Elasticsearch
Indexed intFile Size Limit Kb - Maximum size of repository and wiki files that are indexed by Elasticsearch.
- Elasticsearch
Indexing bool - Enable Elasticsearch indexing.
- Elasticsearch
Limit boolIndexing - Limit Elasticsearch to index certain namespaces and projects.
- Elasticsearch
Max intBulk Concurrency - Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
- Elasticsearch
Max intBulk Size Mb - Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
- Elasticsearch
Namespace List<int>Ids - The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- Elasticsearch
Password string - The password of your Elasticsearch instance.
- Elasticsearch
Project List<int>Ids - The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- Elasticsearch
Search bool - Enable Elasticsearch search.
- Elasticsearch
Urls List<string> - The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
- Elasticsearch
Username string - The username of your Elasticsearch instance.
- Email
Additional stringText - Additional text added to the bottom of every email for legal/auditing/compliance reasons.
- bool
- Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
- Enabled
Git stringAccess Protocol - Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
- Enforce
Namespace boolStorage Limit - Enabling this permits enforcement of namespace storage limits.
- Enforce
Terms bool - (If enabled, requires: terms) Enforce application ToS to all users.
- External
Auth stringClient Cert - (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
- External
Auth stringClient Key - Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
- External
Auth stringClient Key Pass - Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
- string
- The default classification label to use when requesting authorization and no classification label has been specified on the project.
- bool
- (If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
- double
- The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
- string
- URL to which authorization requests are directed.
- External
Pipeline intValidation Service Timeout - How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
- External
Pipeline stringValidation Service Token - Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
- External
Pipeline stringValidation Service Url - URL to use for pipeline validation requests.
- File
Template intProject Id - The ID of a project to load custom file templates from.
- First
Day intOf Week - Start day of the week for calendar views and date pickers. Valid values are 0 for Sunday, 1 for Monday, and 6 for Saturday.
- Geo
Node stringAllowed Ips - Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
- Geo
Status intTimeout - The amount of seconds after which a request to get a secondary node status times out.
- Git
Rate List<string>Limit Users Allowlists - List of usernames excluded from Git anti-abuse rate limits. Maximum: 100 usernames. Introduced in GitLab 15.2.
- Git
Two intFactor Session Expiry - Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
- Gitaly
Timeout intDefault - Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
- Gitaly
Timeout intFast - Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
- Gitaly
Timeout intMedium - Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
- Grafana
Enabled bool - Enable Grafana.
- Grafana
Url string - Grafana URL.
- Gravatar
Enabled bool - Enable Gravatar.
- Group
Owners boolCan Manage Default Branch Protection - Prevent overrides of default branch protection.
- Hashed
Storage boolEnabled - Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
- Help
Page boolHide Commercial Content - Hide marketing-related entries from help.
- Help
Page stringSupport Url - Alternate support URL for help page and help dropdown.
- Help
Page stringText - Custom text displayed on the help page.
- Help
Text string - GitLab server administrator information.
- Hide
Third boolParty Offers - Do not display offers from third parties in GitLab.
- Home
Page stringUrl - Redirect to this URL when not logged in.
- Housekeeping
Enabled bool - Enable or disable Git housekeeping. If enabled, requires either housekeepingoptimizerepositoryperiod OR housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod. Options housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod are deprecated. Use housekeepingoptimizerepositoryperiod instead.
- Housekeeping
Full intRepack Period - Number of Git pushes after which an incremental git repack is run.
- Housekeeping
Gc intPeriod - Number of Git pushes after which git gc is run.
- Housekeeping
Incremental intRepack Period - Number of Git pushes after which an incremental git repack is run.
- Housekeeping
Optimize intRepository Period - Number of Git pushes after which an incremental git repack is run.
- Html
Emails boolEnabled - Enable HTML emails.
- Import
Sources List<string> - Sources to allow project import from. Valid values are:
github,bitbucket,bitbucket_server,fogbugz,git,gitlab.Project,gitea,manifest - In
Product boolMarketing Emails Enabled - Enable in-product marketing emails.
- Inactive
Projects intDelete After Months - If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- Inactive
Projects intMin Size Mb - If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- Inactive
Projects intSend Warning Email After Months - If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- Invisible
Captcha boolEnabled - Enable Invisible CAPTCHA spam detection during sign-up.
- Issues
Create intLimit - Max number of issue creation requests per minute per user.
- Keep
Latest boolArtifact - Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
- Local
Markdown intVersion - Increase this value when any cached Markdown should be invalidated.
- Mailgun
Events boolEnabled - Enable Mailgun event receiver.
- Mailgun
Signing stringKey - The Mailgun HTTP webhook signing key for receiving events from webhook.
- Maintenance
Mode bool - When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
- Maintenance
Mode stringMessage - Message displayed when instance is in maintenance mode.
- Max
Artifacts intSize - Maximum artifacts size in MB.
- Max
Attachment intSize - Limit attachment size in MB.
- Max
Export intSize - Maximum export size in MB. 0 for unlimited.
- Max
Import intSize - Maximum import size in MB. 0 for unlimited.
- Max
Number intOf Repository Downloads - Maximum number of unique repositories a user can download in the specified time period before they are banned. Maximum: 10,000 repositories. Introduced in GitLab 15.1.
- Max
Number intOf Repository Downloads Within Time Period - Reporting time period (in seconds). Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
- Max
Pages intSize - Maximum size of pages repositories in MB.
- Max
Personal intAccess Token Lifetime - Maximum allowable lifetime for access tokens in days.
- Max
Ssh intKey Lifetime - Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
- Max
Terraform intState Size Bytes - Metrics
Method intCall Threshold - A method call is only tracked when it takes longer than the given amount of milliseconds.
- Minimum
Password intLength - Indicates whether passwords require a minimum length. Introduced in GitLab 15.1. Premium and Ultimate only.
- Mirror
Available bool - Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
- Mirror
Capacity intThreshold - Minimum capacity to be available before scheduling more mirrors preemptively.
- Mirror
Max intCapacity - Maximum number of mirrors that can be synchronizing at the same time.
- Mirror
Max intDelay - Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
- Npm
Package boolRequests Forwarding - Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
- Outbound
Local List<string>Requests Whitelists - Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
- Package
Registry intCleanup Policies Worker Capacity - Number of workers assigned to the packages cleanup policies.
- Pages
Domain boolVerification Enabled - Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
- Password
Authentication boolEnabled For Git - Enable authentication for Git over HTTP(S) via a GitLab account password.
- Password
Authentication boolEnabled For Web - Enable authentication for the web interface via a GitLab account password.
- Password
Lowercase boolRequired - Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
- Password
Number boolRequired - Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
- Password
Symbol boolRequired - Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
- Password
Uppercase boolRequired - Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
- Performance
Bar stringAllowed Group Path - Path of the group that is allowed to toggle the performance bar.
- Personal
Access stringToken Prefix - Prefix for all generated personal access tokens.
- Pipeline
Limit intPer Project User Sha - Maximum number of pipeline creation requests per minute per user and commit.
- Plantuml
Enabled bool - (If enabled, requires: plantuml_url) Enable PlantUML integration.
- Plantuml
Url string - The PlantUML instance URL for integration.
- Polling
Interval doubleMultiplier - Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
- Project
Export boolEnabled - Enable project export.
- Prometheus
Metrics boolEnabled - Enable Prometheus metrics.
- Protected
Ci boolVariables - CI/CD variables are protected by default.
- Push
Event intActivities Limit - Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
- Push
Event intHooks Limit - Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
- Pypi
Package boolRequests Forwarding - Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
- Rate
Limiting stringResponse Text - When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
- Raw
Blob intRequest Limit - Max number of requests per minute for each raw path. To disable throttling set to 0.
- Recaptcha
Enabled bool - (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
- Recaptcha
Private stringKey - Private key for reCAPTCHA.
- Recaptcha
Site stringKey - Site key for reCAPTCHA.
- Receive
Max intInput Size - Maximum push size (MB).
- Repository
Checks boolEnabled - GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
- Repository
Size intLimit - Size limit per repository (MB).
- Repository
Storages List<string> - (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
- Repository
Storages Dictionary<string, int>Weighted - (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
- Require
Admin boolApproval After User Signup - When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
- Require
Two boolFactor Authentication - (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
- Restricted
Visibility List<string>Levels - Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Null means there is no restriction.
- Rsa
Key intRestriction - The minimum allowed bit length of an uploaded RSA key. 0 means no restriction. -1 disables RSA keys.
- Search
Rate intLimit - Max number of requests per minute for performing a search while authenticated. To disable throttling set to 0.
- Search
Rate intLimit Unauthenticated - Max number of requests per minute for performing a search while unauthenticated. To disable throttling set to 0.
- Send
User boolConfirmation Email - Send confirmation email on sign-up.
- Session
Expire intDelay - Session duration in minutes. GitLab restart is required to apply changes.
- bool
- (If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
- int
- Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
- string
- Shared runners text.
- Sidekiq
Job intLimiter Compression Threshold Bytes - The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis.
- Sidekiq
Job intLimiter Limit Bytes - The threshold in bytes at which Sidekiq jobs are rejected. 0 means do not reject any job.
- Sidekiq
Job stringLimiter Mode - track or compress. Sets the behavior for Sidekiq job size limits.
- Sign
In stringText - Text on the login page.
- Signup
Enabled bool - Enable registration.
- Slack
App boolEnabled - (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
- Slack
App stringId - The app ID of the Slack-app.
- Slack
App stringSecret - The app secret of the Slack-app.
- Slack
App stringSigning Secret - The signing secret of the Slack-app.
- Slack
App stringVerification Token - The verification token of the Slack-app.
- Snippet
Size intLimit - Max snippet content size in bytes.
- Snowplow
App stringId - The Snowplow site name / application ID. (for example, gitlab)
- Snowplow
Collector stringHostname - The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
- string
- The Snowplow cookie domain. (for example, .gitlab.com)
- Snowplow
Enabled bool - Enable snowplow tracking.
- Sourcegraph
Enabled bool - Enables Sourcegraph integration. If enabled, requires sourcegraph_url.
- Sourcegraph
Public boolOnly - Blocks Sourcegraph from being loaded on private and internal projects.
- Sourcegraph
Url string - The Sourcegraph instance URL for integration.
- Spam
Check stringApi Key - API key used by GitLab for accessing the Spam Check service endpoint.
- Spam
Check boolEndpoint Enabled - Enables spam checking using external Spam Check API endpoint.
- Spam
Check stringEndpoint Url - URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
- Suggest
Pipeline boolEnabled - Enable pipeline suggestion banner.
- Terminal
Max intSession Time - Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
- Terms string
- (Required by: enforce_terms) Markdown content for the ToS.
- Throttle
Authenticated boolApi Enabled - (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Authenticated intApi Period In Seconds - Rate limit period (in seconds).
- Throttle
Authenticated intApi Requests Per Period - Maximum requests per period per user.
- Throttle
Authenticated boolPackages Api Enabled - (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- Throttle
Authenticated intPackages Api Period In Seconds - Rate limit period (in seconds). View Package Registry rate limits for more details.
- Throttle
Authenticated intPackages Api Requests Per Period - Maximum requests per period per user. View Package Registry rate limits for more details.
- Throttle
Authenticated boolWeb Enabled - (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Authenticated intWeb Period In Seconds - Rate limit period (in seconds).
- Throttle
Authenticated intWeb Requests Per Period - Maximum requests per period per user.
- Throttle
Unauthenticated boolApi Enabled - (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Unauthenticated intApi Period In Seconds - Rate limit period in seconds.
- Throttle
Unauthenticated intApi Requests Per Period - Max requests per period per IP.
- Throttle
Unauthenticated boolPackages Api Enabled - (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- Throttle
Unauthenticated intPackages Api Period In Seconds - Rate limit period (in seconds). View Package Registry rate limits for more details.
- Throttle
Unauthenticated intPackages Api Requests Per Period - Maximum requests per period per user. View Package Registry rate limits for more details.
- Throttle
Unauthenticated boolWeb Enabled - (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Unauthenticated intWeb Period In Seconds - Rate limit period in seconds.
- Throttle
Unauthenticated intWeb Requests Per Period - Max requests per period per IP.
- Time
Tracking boolLimit To Hours - Limit display of time tracking units to hours.
- Two
Factor intGrace Period - Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
- Unique
Ips boolLimit Enabled - (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
- Unique
Ips intLimit Per User - Maximum number of IPs per user.
- Unique
Ips intLimit Time Window - How many seconds an IP is counted towards the limit.
- Usage
Ping boolEnabled - Every week GitLab reports license usage back to GitLab, Inc.
- User
Deactivation boolEmails Enabled - Send an email to users upon account deactivation.
- User
Default boolExternal - Newly registered users are external by default.
- User
Default stringInternal Regex - Specify an email address regex pattern to identify default internal users.
- User
Oauth boolApplications - Allow users to register any application to use GitLab as an OAuth provider.
- User
Show boolAdd Ssh Key Message - When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
- Version
Check boolEnabled - Let GitLab inform you when an update is available.
- Web
Ide boolClientside Preview Enabled - Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
- Whats
New stringVariant - What’s new variant, possible values: alltiers, currenttier, and disabled.
- Wiki
Page intMax Content Bytes - Maximum wiki page content size in bytes. The minimum value is 1024 bytes.
- Abuse
Notification stringEmail - If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
- Admin
Mode bool - Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
- After
Sign stringOut Path - Where to redirect users after logout.
- After
Sign stringUp Text - Text shown to the user after signing up.
- string
- API key for Akismet spam protection.
- bool
- (If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
- Allow
Account boolDeletion - Set to true to allow users to delete their accounts. Premium and Ultimate only.
- Allow
Group boolOwners To Manage Ldap - Set to true to allow group owners to manage LDAP.
- Allow
Local boolRequests From System Hooks - Allow requests to the local network from system hooks.
- Allow
Local boolRequests From Web Hooks And Services - Allow requests to the local network from web hooks and services.
- Allow
Project boolCreation For Guest And Below - Indicates whether users assigned up to the Guest role can create groups and personal projects.
- Allow
Runner boolRegistration Token - Allow using a registration token to create a runner.
- Archive
Builds stringIn Human Readable - Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
- Asciidoc
Max intIncludes - Maximum limit of AsciiDoc include directives being processed in any one document. Maximum: 64.
- Asset
Proxy []stringAllowlists - Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
- Asset
Proxy boolEnabled - (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
- Asset
Proxy stringSecret Key - Shared secret with the asset proxy server. GitLab restart is required to apply changes.
- Asset
Proxy stringUrl - URL of the asset proxy server. GitLab restart is required to apply changes.
- bool
- By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
- Auto
Ban boolUser On Excessive Projects Download - When enabled, users will get automatically banned from the application when they download more than the maximum number of unique projects in the time period specified by maxnumberofrepositorydownloads and maxnumberofrepositorydownloadswithintime_period respectively. Introduced in GitLab 15.4. Self-managed, Ultimate only.
- Auto
Devops stringDomain - Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
- Auto
Devops boolEnabled - Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
- Automatic
Purchased boolStorage Allocation - Enabling this permits automatic allocation of purchased storage in a namespace.
- Bulk
Import intConcurrent Pipeline Batch Limit - Maximum simultaneous Direct Transfer batches to process.
- Bulk
Import boolEnabled - Enable migrating GitLab groups by direct transfer. Introduced in GitLab 15.8.
- Bulk
Import intMax Download File Size - Maximum download file size when importing from source GitLab instances by direct transfer. Introduced in GitLab 16.3.
- Can
Create boolGroup - Indicates whether users can create top-level groups. Introduced in GitLab 15.5.
- Check
Namespace boolPlan - Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
- Ci
Max intIncludes - The maximum number of includes per pipeline.
- Ci
Max intTotal Yaml Size Bytes - The maximum amount of memory, in bytes, that can be allocated for the pipeline configuration, with all included YAML configuration files.
- Commit
Email stringHostname - Custom hostname (for private commit emails).
- Concurrent
Bitbucket intImport Jobs Limit - Maximum number of simultaneous import jobs for the Bitbucket Cloud importer. Introduced in GitLab 16.11.
- Concurrent
Bitbucket intServer Import Jobs Limit - Maximum number of simultaneous import jobs for the Bitbucket Server importer. Introduced in GitLab 16.11.
- Concurrent
Github intImport Jobs Limit - Maximum number of simultaneous import jobs for the GitHub importer. Introduced in GitLab 16.11.
- Container
Expiration boolPolicies Enable Historic Entries - Enable cleanup policies for all projects.
- int
- The maximum number of tags that can be deleted in a single execution of cleanup policies.
- int
- The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
- Container
Registry boolExpiration Policies Caching - Caching during the execution of cleanup policies.
- Container
Registry intExpiration Policies Worker Capacity - Number of workers for cleanup policies.
- Container
Registry intToken Expire Delay - Container Registry token duration in minutes.
- Deactivate
Dormant boolUsers - Enable automatic deactivation of dormant users.
- Deactivate
Dormant intUsers Period - Length of time (in days) after which a user is considered dormant. Introduced in GitLab 15.3.
- Decompress
Archive intFile Timeout - Default timeout for decompressing archived files, in seconds. Set to 0 to disable timeouts. Introduced in GitLab 16.4.
- Default
Artifacts stringExpire In - Set the default expiration time for each job’s artifacts.
- Default
Branch stringName - Instance-level custom initial branch name (introduced in GitLab 13.2).
- Default
Branch intProtection - Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
- Default
Branch ApplicationProtection Defaults Settings Default Branch Protection Defaults Args - The defaultbranchprotection*defaults attribute describes the default branch protection defaults. All parameters are optional.
- Default
Ci stringConfig Path - Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
- Default
Group stringVisibility - What visibility level new groups receive. Can take private, internal and public as a parameter.
- Default
Preferred stringLanguage - Default preferred language for users who are not logged in.
- Default
Project intCreation - Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
- Default
Project stringVisibility - What visibility level new projects receive. Can take private, internal and public as a parameter.
- Default
Projects intLimit - Project limit per user.
- Default
Snippet stringVisibility - What visibility level new snippets receive. Can take private, internal and public as a parameter.
- Default
Syntax intHighlighting Theme - Default syntax highlighting theme for users who are new or not signed in. See IDs of available themes (https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/themes.rb#L16)
- Delete
Inactive boolProjects - Enable inactive project deletion feature. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion).
- Delete
Unconfirmed boolUsers - Specifies whether users who have not confirmed their email should be deleted. When set to true, unconfirmed users are deleted after unconfirmedusersdeleteafterdays days. Introduced in GitLab 16.1. Self-managed, Premium and Ultimate only.
- Deletion
Adjourned intPeriod - The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90.
- Diagramsnet
Enabled bool - (If enabled, requires diagramsnet_url) Enable Diagrams.net integration.
- Diagramsnet
Url string - The Diagrams.net instance URL for integration.
- Diff
Max intFiles - Maximum files in a diff.
- Diff
Max intLines - Maximum lines in a diff.
- Diff
Max intPatch Bytes - Maximum diff patch size, in bytes.
- Disable
Admin boolOauth Scopes - Stops administrators from connecting their GitLab accounts to non-trusted OAuth 2.0 applications that have the api, readapi, readrepository, writerepository, readregistry, write_registry, or sudo scopes. Introduced in GitLab 15.6.
- Disable
Feed boolToken - Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
- Disable
Personal boolAccess Tokens - Disable personal access tokens. Introduced in GitLab 15.7. Self-managed, Premium and Ultimate only. There is no method available to enable a personal access token that’s been disabled through the API. This is a known issue.
- Disabled
Oauth []stringSign In Sources - Disabled OAuth sign-in sources.
- Dns
Rebinding boolProtection Enabled - Enforce DNS rebinding attack protection.
- Domain
Allowlists []string - Force people to use only corporate emails for sign-up. Null means there is no restriction.
- Domain
Denylist boolEnabled - (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
- Domain
Denylists []string - Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
- Downstream
Pipeline intTrigger Limit Per Project User Sha - Maximum downstream pipeline trigger rate. Introduced in GitLab 16.10.
- Dsa
Key intRestriction - The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys.
- Duo
Features boolEnabled - Indicates whether GitLab Duo features are enabled for this instance. Introduced in GitLab 16.10. Self-managed, Premium and Ultimate only.
- Ecdsa
Key intRestriction - The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys.
- Ecdsa
Sk intKey Restriction - The minimum allowed curve size (in bits) of an uploaded ECDSASK key. 0 means no restriction. -1 disables ECDSASK keys.
- Ed25519Key
Restriction int - The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys.
- Ed25519Sk
Key intRestriction - The minimum allowed curve size (in bits) of an uploaded ED25519SK key. 0 means no restriction. -1 disables ED25519SK keys.
- Eks
Access stringKey Id - AWS IAM access key ID.
- Eks
Account stringId - Amazon account ID.
- Eks
Integration boolEnabled - Enable integration with Amazon EKS.
- Eks
Secret stringAccess Key - AWS IAM secret access key.
- Elasticsearch
Aws bool - Enable the use of AWS hosted Elasticsearch.
- Elasticsearch
Aws stringAccess Key - AWS IAM access key.
- Elasticsearch
Aws stringRegion - The AWS region the Elasticsearch domain is configured.
- Elasticsearch
Aws stringSecret Access Key - AWS IAM secret access key.
- Elasticsearch
Indexed intField Length Limit - Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
- Elasticsearch
Indexed intFile Size Limit Kb - Maximum size of repository and wiki files that are indexed by Elasticsearch.
- Elasticsearch
Indexing bool - Enable Elasticsearch indexing.
- Elasticsearch
Limit boolIndexing - Limit Elasticsearch to index certain namespaces and projects.
- Elasticsearch
Max intBulk Concurrency - Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
- Elasticsearch
Max intBulk Size Mb - Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
- Elasticsearch
Namespace []intIds - The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- Elasticsearch
Password string - The password of your Elasticsearch instance.
- Elasticsearch
Project []intIds - The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- Elasticsearch
Search bool - Enable Elasticsearch search.
- Elasticsearch
Urls []string - The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
- Elasticsearch
Username string - The username of your Elasticsearch instance.
- Email
Additional stringText - Additional text added to the bottom of every email for legal/auditing/compliance reasons.
- bool
- Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
- Enabled
Git stringAccess Protocol - Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
- Enforce
Namespace boolStorage Limit - Enabling this permits enforcement of namespace storage limits.
- Enforce
Terms bool - (If enabled, requires: terms) Enforce application ToS to all users.
- External
Auth stringClient Cert - (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
- External
Auth stringClient Key - Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
- External
Auth stringClient Key Pass - Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
- string
- The default classification label to use when requesting authorization and no classification label has been specified on the project.
- bool
- (If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
- float64
- The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
- string
- URL to which authorization requests are directed.
- External
Pipeline intValidation Service Timeout - How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
- External
Pipeline stringValidation Service Token - Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
- External
Pipeline stringValidation Service Url - URL to use for pipeline validation requests.
- File
Template intProject Id - The ID of a project to load custom file templates from.
- First
Day intOf Week - Start day of the week for calendar views and date pickers. Valid values are 0 for Sunday, 1 for Monday, and 6 for Saturday.
- Geo
Node stringAllowed Ips - Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
- Geo
Status intTimeout - The amount of seconds after which a request to get a secondary node status times out.
- Git
Rate []stringLimit Users Allowlists - List of usernames excluded from Git anti-abuse rate limits. Maximum: 100 usernames. Introduced in GitLab 15.2.
- Git
Two intFactor Session Expiry - Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
- Gitaly
Timeout intDefault - Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
- Gitaly
Timeout intFast - Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
- Gitaly
Timeout intMedium - Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
- Grafana
Enabled bool - Enable Grafana.
- Grafana
Url string - Grafana URL.
- Gravatar
Enabled bool - Enable Gravatar.
- Group
Owners boolCan Manage Default Branch Protection - Prevent overrides of default branch protection.
- Hashed
Storage boolEnabled - Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
- Help
Page boolHide Commercial Content - Hide marketing-related entries from help.
- Help
Page stringSupport Url - Alternate support URL for help page and help dropdown.
- Help
Page stringText - Custom text displayed on the help page.
- Help
Text string - GitLab server administrator information.
- Hide
Third boolParty Offers - Do not display offers from third parties in GitLab.
- Home
Page stringUrl - Redirect to this URL when not logged in.
- Housekeeping
Enabled bool - Enable or disable Git housekeeping. If enabled, requires either housekeepingoptimizerepositoryperiod OR housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod. Options housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod are deprecated. Use housekeepingoptimizerepositoryperiod instead.
- Housekeeping
Full intRepack Period - Number of Git pushes after which an incremental git repack is run.
- Housekeeping
Gc intPeriod - Number of Git pushes after which git gc is run.
- Housekeeping
Incremental intRepack Period - Number of Git pushes after which an incremental git repack is run.
- Housekeeping
Optimize intRepository Period - Number of Git pushes after which an incremental git repack is run.
- Html
Emails boolEnabled - Enable HTML emails.
- Import
Sources []string - Sources to allow project import from. Valid values are:
github,bitbucket,bitbucket_server,fogbugz,git,gitlab.Project,gitea,manifest - In
Product boolMarketing Emails Enabled - Enable in-product marketing emails.
- Inactive
Projects intDelete After Months - If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- Inactive
Projects intMin Size Mb - If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- Inactive
Projects intSend Warning Email After Months - If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- Invisible
Captcha boolEnabled - Enable Invisible CAPTCHA spam detection during sign-up.
- Issues
Create intLimit - Max number of issue creation requests per minute per user.
- Keep
Latest boolArtifact - Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
- Local
Markdown intVersion - Increase this value when any cached Markdown should be invalidated.
- Mailgun
Events boolEnabled - Enable Mailgun event receiver.
- Mailgun
Signing stringKey - The Mailgun HTTP webhook signing key for receiving events from webhook.
- Maintenance
Mode bool - When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
- Maintenance
Mode stringMessage - Message displayed when instance is in maintenance mode.
- Max
Artifacts intSize - Maximum artifacts size in MB.
- Max
Attachment intSize - Limit attachment size in MB.
- Max
Export intSize - Maximum export size in MB. 0 for unlimited.
- Max
Import intSize - Maximum import size in MB. 0 for unlimited.
- Max
Number intOf Repository Downloads - Maximum number of unique repositories a user can download in the specified time period before they are banned. Maximum: 10,000 repositories. Introduced in GitLab 15.1.
- Max
Number intOf Repository Downloads Within Time Period - Reporting time period (in seconds). Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
- Max
Pages intSize - Maximum size of pages repositories in MB.
- Max
Personal intAccess Token Lifetime - Maximum allowable lifetime for access tokens in days.
- Max
Ssh intKey Lifetime - Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
- Max
Terraform intState Size Bytes - Metrics
Method intCall Threshold - A method call is only tracked when it takes longer than the given amount of milliseconds.
- Minimum
Password intLength - Indicates whether passwords require a minimum length. Introduced in GitLab 15.1. Premium and Ultimate only.
- Mirror
Available bool - Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
- Mirror
Capacity intThreshold - Minimum capacity to be available before scheduling more mirrors preemptively.
- Mirror
Max intCapacity - Maximum number of mirrors that can be synchronizing at the same time.
- Mirror
Max intDelay - Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
- Npm
Package boolRequests Forwarding - Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
- Outbound
Local []stringRequests Whitelists - Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
- Package
Registry intCleanup Policies Worker Capacity - Number of workers assigned to the packages cleanup policies.
- Pages
Domain boolVerification Enabled - Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
- Password
Authentication boolEnabled For Git - Enable authentication for Git over HTTP(S) via a GitLab account password.
- Password
Authentication boolEnabled For Web - Enable authentication for the web interface via a GitLab account password.
- Password
Lowercase boolRequired - Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
- Password
Number boolRequired - Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
- Password
Symbol boolRequired - Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
- Password
Uppercase boolRequired - Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
- Performance
Bar stringAllowed Group Path - Path of the group that is allowed to toggle the performance bar.
- Personal
Access stringToken Prefix - Prefix for all generated personal access tokens.
- Pipeline
Limit intPer Project User Sha - Maximum number of pipeline creation requests per minute per user and commit.
- Plantuml
Enabled bool - (If enabled, requires: plantuml_url) Enable PlantUML integration.
- Plantuml
Url string - The PlantUML instance URL for integration.
- Polling
Interval float64Multiplier - Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
- Project
Export boolEnabled - Enable project export.
- Prometheus
Metrics boolEnabled - Enable Prometheus metrics.
- Protected
Ci boolVariables - CI/CD variables are protected by default.
- Push
Event intActivities Limit - Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
- Push
Event intHooks Limit - Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
- Pypi
Package boolRequests Forwarding - Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
- Rate
Limiting stringResponse Text - When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
- Raw
Blob intRequest Limit - Max number of requests per minute for each raw path. To disable throttling set to 0.
- Recaptcha
Enabled bool - (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
- Recaptcha
Private stringKey - Private key for reCAPTCHA.
- Recaptcha
Site stringKey - Site key for reCAPTCHA.
- Receive
Max intInput Size - Maximum push size (MB).
- Repository
Checks boolEnabled - GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
- Repository
Size intLimit - Size limit per repository (MB).
- Repository
Storages []string - (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
- Repository
Storages map[string]intWeighted - (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
- Require
Admin boolApproval After User Signup - When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
- Require
Two boolFactor Authentication - (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
- Restricted
Visibility []stringLevels - Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Null means there is no restriction.
- Rsa
Key intRestriction - The minimum allowed bit length of an uploaded RSA key. 0 means no restriction. -1 disables RSA keys.
- Search
Rate intLimit - Max number of requests per minute for performing a search while authenticated. To disable throttling set to 0.
- Search
Rate intLimit Unauthenticated - Max number of requests per minute for performing a search while unauthenticated. To disable throttling set to 0.
- Send
User boolConfirmation Email - Send confirmation email on sign-up.
- Session
Expire intDelay - Session duration in minutes. GitLab restart is required to apply changes.
- bool
- (If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
- int
- Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
- string
- Shared runners text.
- Sidekiq
Job intLimiter Compression Threshold Bytes - The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis.
- Sidekiq
Job intLimiter Limit Bytes - The threshold in bytes at which Sidekiq jobs are rejected. 0 means do not reject any job.
- Sidekiq
Job stringLimiter Mode - track or compress. Sets the behavior for Sidekiq job size limits.
- Sign
In stringText - Text on the login page.
- Signup
Enabled bool - Enable registration.
- Slack
App boolEnabled - (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
- Slack
App stringId - The app ID of the Slack-app.
- Slack
App stringSecret - The app secret of the Slack-app.
- Slack
App stringSigning Secret - The signing secret of the Slack-app.
- Slack
App stringVerification Token - The verification token of the Slack-app.
- Snippet
Size intLimit - Max snippet content size in bytes.
- Snowplow
App stringId - The Snowplow site name / application ID. (for example, gitlab)
- Snowplow
Collector stringHostname - The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
- string
- The Snowplow cookie domain. (for example, .gitlab.com)
- Snowplow
Enabled bool - Enable snowplow tracking.
- Sourcegraph
Enabled bool - Enables Sourcegraph integration. If enabled, requires sourcegraph_url.
- Sourcegraph
Public boolOnly - Blocks Sourcegraph from being loaded on private and internal projects.
- Sourcegraph
Url string - The Sourcegraph instance URL for integration.
- Spam
Check stringApi Key - API key used by GitLab for accessing the Spam Check service endpoint.
- Spam
Check boolEndpoint Enabled - Enables spam checking using external Spam Check API endpoint.
- Spam
Check stringEndpoint Url - URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
- Suggest
Pipeline boolEnabled - Enable pipeline suggestion banner.
- Terminal
Max intSession Time - Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
- Terms string
- (Required by: enforce_terms) Markdown content for the ToS.
- Throttle
Authenticated boolApi Enabled - (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Authenticated intApi Period In Seconds - Rate limit period (in seconds).
- Throttle
Authenticated intApi Requests Per Period - Maximum requests per period per user.
- Throttle
Authenticated boolPackages Api Enabled - (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- Throttle
Authenticated intPackages Api Period In Seconds - Rate limit period (in seconds). View Package Registry rate limits for more details.
- Throttle
Authenticated intPackages Api Requests Per Period - Maximum requests per period per user. View Package Registry rate limits for more details.
- Throttle
Authenticated boolWeb Enabled - (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Authenticated intWeb Period In Seconds - Rate limit period (in seconds).
- Throttle
Authenticated intWeb Requests Per Period - Maximum requests per period per user.
- Throttle
Unauthenticated boolApi Enabled - (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Unauthenticated intApi Period In Seconds - Rate limit period in seconds.
- Throttle
Unauthenticated intApi Requests Per Period - Max requests per period per IP.
- Throttle
Unauthenticated boolPackages Api Enabled - (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- Throttle
Unauthenticated intPackages Api Period In Seconds - Rate limit period (in seconds). View Package Registry rate limits for more details.
- Throttle
Unauthenticated intPackages Api Requests Per Period - Maximum requests per period per user. View Package Registry rate limits for more details.
- Throttle
Unauthenticated boolWeb Enabled - (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Unauthenticated intWeb Period In Seconds - Rate limit period in seconds.
- Throttle
Unauthenticated intWeb Requests Per Period - Max requests per period per IP.
- Time
Tracking boolLimit To Hours - Limit display of time tracking units to hours.
- Two
Factor intGrace Period - Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
- Unique
Ips boolLimit Enabled - (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
- Unique
Ips intLimit Per User - Maximum number of IPs per user.
- Unique
Ips intLimit Time Window - How many seconds an IP is counted towards the limit.
- Usage
Ping boolEnabled - Every week GitLab reports license usage back to GitLab, Inc.
- User
Deactivation boolEmails Enabled - Send an email to users upon account deactivation.
- User
Default boolExternal - Newly registered users are external by default.
- User
Default stringInternal Regex - Specify an email address regex pattern to identify default internal users.
- User
Oauth boolApplications - Allow users to register any application to use GitLab as an OAuth provider.
- User
Show boolAdd Ssh Key Message - When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
- Version
Check boolEnabled - Let GitLab inform you when an update is available.
- Web
Ide boolClientside Preview Enabled - Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
- Whats
New stringVariant - What’s new variant, possible values: alltiers, currenttier, and disabled.
- Wiki
Page intMax Content Bytes - Maximum wiki page content size in bytes. The minimum value is 1024 bytes.
- abuse
Notification StringEmail - If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
- admin
Mode Boolean - Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
- after
Sign StringOut Path - Where to redirect users after logout.
- after
Sign StringUp Text - Text shown to the user after signing up.
- String
- API key for Akismet spam protection.
- Boolean
- (If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
- allow
Account BooleanDeletion - Set to true to allow users to delete their accounts. Premium and Ultimate only.
- allow
Group BooleanOwners To Manage Ldap - Set to true to allow group owners to manage LDAP.
- allow
Local BooleanRequests From System Hooks - Allow requests to the local network from system hooks.
- allow
Local BooleanRequests From Web Hooks And Services - Allow requests to the local network from web hooks and services.
- allow
Project BooleanCreation For Guest And Below - Indicates whether users assigned up to the Guest role can create groups and personal projects.
- allow
Runner BooleanRegistration Token - Allow using a registration token to create a runner.
- archive
Builds StringIn Human Readable - Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
- asciidoc
Max IntegerIncludes - Maximum limit of AsciiDoc include directives being processed in any one document. Maximum: 64.
- asset
Proxy List<String>Allowlists - Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
- asset
Proxy BooleanEnabled - (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
- asset
Proxy StringSecret Key - Shared secret with the asset proxy server. GitLab restart is required to apply changes.
- asset
Proxy StringUrl - URL of the asset proxy server. GitLab restart is required to apply changes.
- Boolean
- By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
- auto
Ban BooleanUser On Excessive Projects Download - When enabled, users will get automatically banned from the application when they download more than the maximum number of unique projects in the time period specified by maxnumberofrepositorydownloads and maxnumberofrepositorydownloadswithintime_period respectively. Introduced in GitLab 15.4. Self-managed, Ultimate only.
- auto
Devops StringDomain - Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
- auto
Devops BooleanEnabled - Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
- automatic
Purchased BooleanStorage Allocation - Enabling this permits automatic allocation of purchased storage in a namespace.
- bulk
Import IntegerConcurrent Pipeline Batch Limit - Maximum simultaneous Direct Transfer batches to process.
- bulk
Import BooleanEnabled - Enable migrating GitLab groups by direct transfer. Introduced in GitLab 15.8.
- bulk
Import IntegerMax Download File Size - Maximum download file size when importing from source GitLab instances by direct transfer. Introduced in GitLab 16.3.
- can
Create BooleanGroup - Indicates whether users can create top-level groups. Introduced in GitLab 15.5.
- check
Namespace BooleanPlan - Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
- ci
Max IntegerIncludes - The maximum number of includes per pipeline.
- ci
Max IntegerTotal Yaml Size Bytes - The maximum amount of memory, in bytes, that can be allocated for the pipeline configuration, with all included YAML configuration files.
- commit
Email StringHostname - Custom hostname (for private commit emails).
- concurrent
Bitbucket IntegerImport Jobs Limit - Maximum number of simultaneous import jobs for the Bitbucket Cloud importer. Introduced in GitLab 16.11.
- concurrent
Bitbucket IntegerServer Import Jobs Limit - Maximum number of simultaneous import jobs for the Bitbucket Server importer. Introduced in GitLab 16.11.
- concurrent
Github IntegerImport Jobs Limit - Maximum number of simultaneous import jobs for the GitHub importer. Introduced in GitLab 16.11.
- container
Expiration BooleanPolicies Enable Historic Entries - Enable cleanup policies for all projects.
- Integer
- The maximum number of tags that can be deleted in a single execution of cleanup policies.
- Integer
- The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
- container
Registry BooleanExpiration Policies Caching - Caching during the execution of cleanup policies.
- container
Registry IntegerExpiration Policies Worker Capacity - Number of workers for cleanup policies.
- container
Registry IntegerToken Expire Delay - Container Registry token duration in minutes.
- deactivate
Dormant BooleanUsers - Enable automatic deactivation of dormant users.
- deactivate
Dormant IntegerUsers Period - Length of time (in days) after which a user is considered dormant. Introduced in GitLab 15.3.
- decompress
Archive IntegerFile Timeout - Default timeout for decompressing archived files, in seconds. Set to 0 to disable timeouts. Introduced in GitLab 16.4.
- default
Artifacts StringExpire In - Set the default expiration time for each job’s artifacts.
- default
Branch StringName - Instance-level custom initial branch name (introduced in GitLab 13.2).
- default
Branch IntegerProtection - Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
- default
Branch ApplicationProtection Defaults Settings Default Branch Protection Defaults - The defaultbranchprotection*defaults attribute describes the default branch protection defaults. All parameters are optional.
- default
Ci StringConfig Path - Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
- default
Group StringVisibility - What visibility level new groups receive. Can take private, internal and public as a parameter.
- default
Preferred StringLanguage - Default preferred language for users who are not logged in.
- default
Project IntegerCreation - Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
- default
Project StringVisibility - What visibility level new projects receive. Can take private, internal and public as a parameter.
- default
Projects IntegerLimit - Project limit per user.
- default
Snippet StringVisibility - What visibility level new snippets receive. Can take private, internal and public as a parameter.
- default
Syntax IntegerHighlighting Theme - Default syntax highlighting theme for users who are new or not signed in. See IDs of available themes (https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/themes.rb#L16)
- delete
Inactive BooleanProjects - Enable inactive project deletion feature. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion).
- delete
Unconfirmed BooleanUsers - Specifies whether users who have not confirmed their email should be deleted. When set to true, unconfirmed users are deleted after unconfirmedusersdeleteafterdays days. Introduced in GitLab 16.1. Self-managed, Premium and Ultimate only.
- deletion
Adjourned IntegerPeriod - The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90.
- diagramsnet
Enabled Boolean - (If enabled, requires diagramsnet_url) Enable Diagrams.net integration.
- diagramsnet
Url String - The Diagrams.net instance URL for integration.
- diff
Max IntegerFiles - Maximum files in a diff.
- diff
Max IntegerLines - Maximum lines in a diff.
- diff
Max IntegerPatch Bytes - Maximum diff patch size, in bytes.
- disable
Admin BooleanOauth Scopes - Stops administrators from connecting their GitLab accounts to non-trusted OAuth 2.0 applications that have the api, readapi, readrepository, writerepository, readregistry, write_registry, or sudo scopes. Introduced in GitLab 15.6.
- disable
Feed BooleanToken - Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
- disable
Personal BooleanAccess Tokens - Disable personal access tokens. Introduced in GitLab 15.7. Self-managed, Premium and Ultimate only. There is no method available to enable a personal access token that’s been disabled through the API. This is a known issue.
- disabled
Oauth List<String>Sign In Sources - Disabled OAuth sign-in sources.
- dns
Rebinding BooleanProtection Enabled - Enforce DNS rebinding attack protection.
- domain
Allowlists List<String> - Force people to use only corporate emails for sign-up. Null means there is no restriction.
- domain
Denylist BooleanEnabled - (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
- domain
Denylists List<String> - Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
- downstream
Pipeline IntegerTrigger Limit Per Project User Sha - Maximum downstream pipeline trigger rate. Introduced in GitLab 16.10.
- dsa
Key IntegerRestriction - The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys.
- duo
Features BooleanEnabled - Indicates whether GitLab Duo features are enabled for this instance. Introduced in GitLab 16.10. Self-managed, Premium and Ultimate only.
- ecdsa
Key IntegerRestriction - The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys.
- ecdsa
Sk IntegerKey Restriction - The minimum allowed curve size (in bits) of an uploaded ECDSASK key. 0 means no restriction. -1 disables ECDSASK keys.
- ed25519Key
Restriction Integer - The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys.
- ed25519Sk
Key IntegerRestriction - The minimum allowed curve size (in bits) of an uploaded ED25519SK key. 0 means no restriction. -1 disables ED25519SK keys.
- eks
Access StringKey Id - AWS IAM access key ID.
- eks
Account StringId - Amazon account ID.
- eks
Integration BooleanEnabled - Enable integration with Amazon EKS.
- eks
Secret StringAccess Key - AWS IAM secret access key.
- elasticsearch
Aws Boolean - Enable the use of AWS hosted Elasticsearch.
- elasticsearch
Aws StringAccess Key - AWS IAM access key.
- elasticsearch
Aws StringRegion - The AWS region the Elasticsearch domain is configured.
- elasticsearch
Aws StringSecret Access Key - AWS IAM secret access key.
- elasticsearch
Indexed IntegerField Length Limit - Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
- elasticsearch
Indexed IntegerFile Size Limit Kb - Maximum size of repository and wiki files that are indexed by Elasticsearch.
- elasticsearch
Indexing Boolean - Enable Elasticsearch indexing.
- elasticsearch
Limit BooleanIndexing - Limit Elasticsearch to index certain namespaces and projects.
- elasticsearch
Max IntegerBulk Concurrency - Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
- elasticsearch
Max IntegerBulk Size Mb - Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
- elasticsearch
Namespace List<Integer>Ids - The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- elasticsearch
Password String - The password of your Elasticsearch instance.
- elasticsearch
Project List<Integer>Ids - The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- elasticsearch
Search Boolean - Enable Elasticsearch search.
- elasticsearch
Urls List<String> - The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
- elasticsearch
Username String - The username of your Elasticsearch instance.
- email
Additional StringText - Additional text added to the bottom of every email for legal/auditing/compliance reasons.
- Boolean
- Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
- enabled
Git StringAccess Protocol - Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
- enforce
Namespace BooleanStorage Limit - Enabling this permits enforcement of namespace storage limits.
- enforce
Terms Boolean - (If enabled, requires: terms) Enforce application ToS to all users.
- external
Auth StringClient Cert - (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
- external
Auth StringClient Key - Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
- external
Auth StringClient Key Pass - Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
- String
- The default classification label to use when requesting authorization and no classification label has been specified on the project.
- Boolean
- (If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
- Double
- The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
- String
- URL to which authorization requests are directed.
- external
Pipeline IntegerValidation Service Timeout - How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
- external
Pipeline StringValidation Service Token - Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
- external
Pipeline StringValidation Service Url - URL to use for pipeline validation requests.
- file
Template IntegerProject Id - The ID of a project to load custom file templates from.
- first
Day IntegerOf Week - Start day of the week for calendar views and date pickers. Valid values are 0 for Sunday, 1 for Monday, and 6 for Saturday.
- geo
Node StringAllowed Ips - Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
- geo
Status IntegerTimeout - The amount of seconds after which a request to get a secondary node status times out.
- git
Rate List<String>Limit Users Allowlists - List of usernames excluded from Git anti-abuse rate limits. Maximum: 100 usernames. Introduced in GitLab 15.2.
- git
Two IntegerFactor Session Expiry - Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
- gitaly
Timeout IntegerDefault - Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
- gitaly
Timeout IntegerFast - Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
- gitaly
Timeout IntegerMedium - Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
- grafana
Enabled Boolean - Enable Grafana.
- grafana
Url String - Grafana URL.
- gravatar
Enabled Boolean - Enable Gravatar.
- group
Owners BooleanCan Manage Default Branch Protection - Prevent overrides of default branch protection.
- hashed
Storage BooleanEnabled - Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
- help
Page BooleanHide Commercial Content - Hide marketing-related entries from help.
- help
Page StringSupport Url - Alternate support URL for help page and help dropdown.
- help
Page StringText - Custom text displayed on the help page.
- help
Text String - GitLab server administrator information.
- hide
Third BooleanParty Offers - Do not display offers from third parties in GitLab.
- home
Page StringUrl - Redirect to this URL when not logged in.
- housekeeping
Enabled Boolean - Enable or disable Git housekeeping. If enabled, requires either housekeepingoptimizerepositoryperiod OR housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod. Options housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod are deprecated. Use housekeepingoptimizerepositoryperiod instead.
- housekeeping
Full IntegerRepack Period - Number of Git pushes after which an incremental git repack is run.
- housekeeping
Gc IntegerPeriod - Number of Git pushes after which git gc is run.
- housekeeping
Incremental IntegerRepack Period - Number of Git pushes after which an incremental git repack is run.
- housekeeping
Optimize IntegerRepository Period - Number of Git pushes after which an incremental git repack is run.
- html
Emails BooleanEnabled - Enable HTML emails.
- import
Sources List<String> - Sources to allow project import from. Valid values are:
github,bitbucket,bitbucket_server,fogbugz,git,gitlab.Project,gitea,manifest - in
Product BooleanMarketing Emails Enabled - Enable in-product marketing emails.
- inactive
Projects IntegerDelete After Months - If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- inactive
Projects IntegerMin Size Mb - If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- inactive
Projects IntegerSend Warning Email After Months - If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- invisible
Captcha BooleanEnabled - Enable Invisible CAPTCHA spam detection during sign-up.
- issues
Create IntegerLimit - Max number of issue creation requests per minute per user.
- keep
Latest BooleanArtifact - Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
- local
Markdown IntegerVersion - Increase this value when any cached Markdown should be invalidated.
- mailgun
Events BooleanEnabled - Enable Mailgun event receiver.
- mailgun
Signing StringKey - The Mailgun HTTP webhook signing key for receiving events from webhook.
- maintenance
Mode Boolean - When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
- maintenance
Mode StringMessage - Message displayed when instance is in maintenance mode.
- max
Artifacts IntegerSize - Maximum artifacts size in MB.
- max
Attachment IntegerSize - Limit attachment size in MB.
- max
Export IntegerSize - Maximum export size in MB. 0 for unlimited.
- max
Import IntegerSize - Maximum import size in MB. 0 for unlimited.
- max
Number IntegerOf Repository Downloads - Maximum number of unique repositories a user can download in the specified time period before they are banned. Maximum: 10,000 repositories. Introduced in GitLab 15.1.
- max
Number IntegerOf Repository Downloads Within Time Period - Reporting time period (in seconds). Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
- max
Pages IntegerSize - Maximum size of pages repositories in MB.
- max
Personal IntegerAccess Token Lifetime - Maximum allowable lifetime for access tokens in days.
- max
Ssh IntegerKey Lifetime - Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
- max
Terraform IntegerState Size Bytes - metrics
Method IntegerCall Threshold - A method call is only tracked when it takes longer than the given amount of milliseconds.
- minimum
Password IntegerLength - Indicates whether passwords require a minimum length. Introduced in GitLab 15.1. Premium and Ultimate only.
- mirror
Available Boolean - Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
- mirror
Capacity IntegerThreshold - Minimum capacity to be available before scheduling more mirrors preemptively.
- mirror
Max IntegerCapacity - Maximum number of mirrors that can be synchronizing at the same time.
- mirror
Max IntegerDelay - Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
- npm
Package BooleanRequests Forwarding - Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
- outbound
Local List<String>Requests Whitelists - Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
- package
Registry IntegerCleanup Policies Worker Capacity - Number of workers assigned to the packages cleanup policies.
- pages
Domain BooleanVerification Enabled - Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
- password
Authentication BooleanEnabled For Git - Enable authentication for Git over HTTP(S) via a GitLab account password.
- password
Authentication BooleanEnabled For Web - Enable authentication for the web interface via a GitLab account password.
- password
Lowercase BooleanRequired - Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
- password
Number BooleanRequired - Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
- password
Symbol BooleanRequired - Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
- password
Uppercase BooleanRequired - Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
- performance
Bar StringAllowed Group Path - Path of the group that is allowed to toggle the performance bar.
- personal
Access StringToken Prefix - Prefix for all generated personal access tokens.
- pipeline
Limit IntegerPer Project User Sha - Maximum number of pipeline creation requests per minute per user and commit.
- plantuml
Enabled Boolean - (If enabled, requires: plantuml_url) Enable PlantUML integration.
- plantuml
Url String - The PlantUML instance URL for integration.
- polling
Interval DoubleMultiplier - Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
- project
Export BooleanEnabled - Enable project export.
- prometheus
Metrics BooleanEnabled - Enable Prometheus metrics.
- protected
Ci BooleanVariables - CI/CD variables are protected by default.
- push
Event IntegerActivities Limit - Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
- push
Event IntegerHooks Limit - Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
- pypi
Package BooleanRequests Forwarding - Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
- rate
Limiting StringResponse Text - When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
- raw
Blob IntegerRequest Limit - Max number of requests per minute for each raw path. To disable throttling set to 0.
- recaptcha
Enabled Boolean - (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
- recaptcha
Private StringKey - Private key for reCAPTCHA.
- recaptcha
Site StringKey - Site key for reCAPTCHA.
- receive
Max IntegerInput Size - Maximum push size (MB).
- repository
Checks BooleanEnabled - GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
- repository
Size IntegerLimit - Size limit per repository (MB).
- repository
Storages List<String> - (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
- repository
Storages Map<String,Integer>Weighted - (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
- require
Admin BooleanApproval After User Signup - When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
- require
Two BooleanFactor Authentication - (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
- restricted
Visibility List<String>Levels - Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Null means there is no restriction.
- rsa
Key IntegerRestriction - The minimum allowed bit length of an uploaded RSA key. 0 means no restriction. -1 disables RSA keys.
- search
Rate IntegerLimit - Max number of requests per minute for performing a search while authenticated. To disable throttling set to 0.
- search
Rate IntegerLimit Unauthenticated - Max number of requests per minute for performing a search while unauthenticated. To disable throttling set to 0.
- send
User BooleanConfirmation Email - Send confirmation email on sign-up.
- session
Expire IntegerDelay - Session duration in minutes. GitLab restart is required to apply changes.
- Boolean
- (If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
- Integer
- Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
- String
- Shared runners text.
- sidekiq
Job IntegerLimiter Compression Threshold Bytes - The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis.
- sidekiq
Job IntegerLimiter Limit Bytes - The threshold in bytes at which Sidekiq jobs are rejected. 0 means do not reject any job.
- sidekiq
Job StringLimiter Mode - track or compress. Sets the behavior for Sidekiq job size limits.
- sign
In StringText - Text on the login page.
- signup
Enabled Boolean - Enable registration.
- slack
App BooleanEnabled - (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
- slack
App StringId - The app ID of the Slack-app.
- slack
App StringSecret - The app secret of the Slack-app.
- slack
App StringSigning Secret - The signing secret of the Slack-app.
- slack
App StringVerification Token - The verification token of the Slack-app.
- snippet
Size IntegerLimit - Max snippet content size in bytes.
- snowplow
App StringId - The Snowplow site name / application ID. (for example, gitlab)
- snowplow
Collector StringHostname - The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
- String
- The Snowplow cookie domain. (for example, .gitlab.com)
- snowplow
Enabled Boolean - Enable snowplow tracking.
- sourcegraph
Enabled Boolean - Enables Sourcegraph integration. If enabled, requires sourcegraph_url.
- sourcegraph
Public BooleanOnly - Blocks Sourcegraph from being loaded on private and internal projects.
- sourcegraph
Url String - The Sourcegraph instance URL for integration.
- spam
Check StringApi Key - API key used by GitLab for accessing the Spam Check service endpoint.
- spam
Check BooleanEndpoint Enabled - Enables spam checking using external Spam Check API endpoint.
- spam
Check StringEndpoint Url - URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
- suggest
Pipeline BooleanEnabled - Enable pipeline suggestion banner.
- terminal
Max IntegerSession Time - Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
- terms String
- (Required by: enforce_terms) Markdown content for the ToS.
- throttle
Authenticated BooleanApi Enabled - (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Authenticated IntegerApi Period In Seconds - Rate limit period (in seconds).
- throttle
Authenticated IntegerApi Requests Per Period - Maximum requests per period per user.
- throttle
Authenticated BooleanPackages Api Enabled - (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- throttle
Authenticated IntegerPackages Api Period In Seconds - Rate limit period (in seconds). View Package Registry rate limits for more details.
- throttle
Authenticated IntegerPackages Api Requests Per Period - Maximum requests per period per user. View Package Registry rate limits for more details.
- throttle
Authenticated BooleanWeb Enabled - (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Authenticated IntegerWeb Period In Seconds - Rate limit period (in seconds).
- throttle
Authenticated IntegerWeb Requests Per Period - Maximum requests per period per user.
- throttle
Unauthenticated BooleanApi Enabled - (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Unauthenticated IntegerApi Period In Seconds - Rate limit period in seconds.
- throttle
Unauthenticated IntegerApi Requests Per Period - Max requests per period per IP.
- throttle
Unauthenticated BooleanPackages Api Enabled - (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- throttle
Unauthenticated IntegerPackages Api Period In Seconds - Rate limit period (in seconds). View Package Registry rate limits for more details.
- throttle
Unauthenticated IntegerPackages Api Requests Per Period - Maximum requests per period per user. View Package Registry rate limits for more details.
- throttle
Unauthenticated BooleanWeb Enabled - (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Unauthenticated IntegerWeb Period In Seconds - Rate limit period in seconds.
- throttle
Unauthenticated IntegerWeb Requests Per Period - Max requests per period per IP.
- time
Tracking BooleanLimit To Hours - Limit display of time tracking units to hours.
- two
Factor IntegerGrace Period - Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
- unique
Ips BooleanLimit Enabled - (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
- unique
Ips IntegerLimit Per User - Maximum number of IPs per user.
- unique
Ips IntegerLimit Time Window - How many seconds an IP is counted towards the limit.
- usage
Ping BooleanEnabled - Every week GitLab reports license usage back to GitLab, Inc.
- user
Deactivation BooleanEmails Enabled - Send an email to users upon account deactivation.
- user
Default BooleanExternal - Newly registered users are external by default.
- user
Default StringInternal Regex - Specify an email address regex pattern to identify default internal users.
- user
Oauth BooleanApplications - Allow users to register any application to use GitLab as an OAuth provider.
- user
Show BooleanAdd Ssh Key Message - When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
- version
Check BooleanEnabled - Let GitLab inform you when an update is available.
- web
Ide BooleanClientside Preview Enabled - Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
- whats
New StringVariant - What’s new variant, possible values: alltiers, currenttier, and disabled.
- wiki
Page IntegerMax Content Bytes - Maximum wiki page content size in bytes. The minimum value is 1024 bytes.
- abuse
Notification stringEmail - If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
- admin
Mode boolean - Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
- after
Sign stringOut Path - Where to redirect users after logout.
- after
Sign stringUp Text - Text shown to the user after signing up.
- string
- API key for Akismet spam protection.
- boolean
- (If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
- allow
Account booleanDeletion - Set to true to allow users to delete their accounts. Premium and Ultimate only.
- allow
Group booleanOwners To Manage Ldap - Set to true to allow group owners to manage LDAP.
- allow
Local booleanRequests From System Hooks - Allow requests to the local network from system hooks.
- allow
Local booleanRequests From Web Hooks And Services - Allow requests to the local network from web hooks and services.
- allow
Project booleanCreation For Guest And Below - Indicates whether users assigned up to the Guest role can create groups and personal projects.
- allow
Runner booleanRegistration Token - Allow using a registration token to create a runner.
- archive
Builds stringIn Human Readable - Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
- asciidoc
Max numberIncludes - Maximum limit of AsciiDoc include directives being processed in any one document. Maximum: 64.
- asset
Proxy string[]Allowlists - Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
- asset
Proxy booleanEnabled - (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
- asset
Proxy stringSecret Key - Shared secret with the asset proxy server. GitLab restart is required to apply changes.
- asset
Proxy stringUrl - URL of the asset proxy server. GitLab restart is required to apply changes.
- boolean
- By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
- auto
Ban booleanUser On Excessive Projects Download - When enabled, users will get automatically banned from the application when they download more than the maximum number of unique projects in the time period specified by maxnumberofrepositorydownloads and maxnumberofrepositorydownloadswithintime_period respectively. Introduced in GitLab 15.4. Self-managed, Ultimate only.
- auto
Devops stringDomain - Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
- auto
Devops booleanEnabled - Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
- automatic
Purchased booleanStorage Allocation - Enabling this permits automatic allocation of purchased storage in a namespace.
- bulk
Import numberConcurrent Pipeline Batch Limit - Maximum simultaneous Direct Transfer batches to process.
- bulk
Import booleanEnabled - Enable migrating GitLab groups by direct transfer. Introduced in GitLab 15.8.
- bulk
Import numberMax Download File Size - Maximum download file size when importing from source GitLab instances by direct transfer. Introduced in GitLab 16.3.
- can
Create booleanGroup - Indicates whether users can create top-level groups. Introduced in GitLab 15.5.
- check
Namespace booleanPlan - Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
- ci
Max numberIncludes - The maximum number of includes per pipeline.
- ci
Max numberTotal Yaml Size Bytes - The maximum amount of memory, in bytes, that can be allocated for the pipeline configuration, with all included YAML configuration files.
- commit
Email stringHostname - Custom hostname (for private commit emails).
- concurrent
Bitbucket numberImport Jobs Limit - Maximum number of simultaneous import jobs for the Bitbucket Cloud importer. Introduced in GitLab 16.11.
- concurrent
Bitbucket numberServer Import Jobs Limit - Maximum number of simultaneous import jobs for the Bitbucket Server importer. Introduced in GitLab 16.11.
- concurrent
Github numberImport Jobs Limit - Maximum number of simultaneous import jobs for the GitHub importer. Introduced in GitLab 16.11.
- container
Expiration booleanPolicies Enable Historic Entries - Enable cleanup policies for all projects.
- number
- The maximum number of tags that can be deleted in a single execution of cleanup policies.
- number
- The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
- container
Registry booleanExpiration Policies Caching - Caching during the execution of cleanup policies.
- container
Registry numberExpiration Policies Worker Capacity - Number of workers for cleanup policies.
- container
Registry numberToken Expire Delay - Container Registry token duration in minutes.
- deactivate
Dormant booleanUsers - Enable automatic deactivation of dormant users.
- deactivate
Dormant numberUsers Period - Length of time (in days) after which a user is considered dormant. Introduced in GitLab 15.3.
- decompress
Archive numberFile Timeout - Default timeout for decompressing archived files, in seconds. Set to 0 to disable timeouts. Introduced in GitLab 16.4.
- default
Artifacts stringExpire In - Set the default expiration time for each job’s artifacts.
- default
Branch stringName - Instance-level custom initial branch name (introduced in GitLab 13.2).
- default
Branch numberProtection - Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
- default
Branch ApplicationProtection Defaults Settings Default Branch Protection Defaults - The defaultbranchprotection*defaults attribute describes the default branch protection defaults. All parameters are optional.
- default
Ci stringConfig Path - Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
- default
Group stringVisibility - What visibility level new groups receive. Can take private, internal and public as a parameter.
- default
Preferred stringLanguage - Default preferred language for users who are not logged in.
- default
Project numberCreation - Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
- default
Project stringVisibility - What visibility level new projects receive. Can take private, internal and public as a parameter.
- default
Projects numberLimit - Project limit per user.
- default
Snippet stringVisibility - What visibility level new snippets receive. Can take private, internal and public as a parameter.
- default
Syntax numberHighlighting Theme - Default syntax highlighting theme for users who are new or not signed in. See IDs of available themes (https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/themes.rb#L16)
- delete
Inactive booleanProjects - Enable inactive project deletion feature. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion).
- delete
Unconfirmed booleanUsers - Specifies whether users who have not confirmed their email should be deleted. When set to true, unconfirmed users are deleted after unconfirmedusersdeleteafterdays days. Introduced in GitLab 16.1. Self-managed, Premium and Ultimate only.
- deletion
Adjourned numberPeriod - The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90.
- diagramsnet
Enabled boolean - (If enabled, requires diagramsnet_url) Enable Diagrams.net integration.
- diagramsnet
Url string - The Diagrams.net instance URL for integration.
- diff
Max numberFiles - Maximum files in a diff.
- diff
Max numberLines - Maximum lines in a diff.
- diff
Max numberPatch Bytes - Maximum diff patch size, in bytes.
- disable
Admin booleanOauth Scopes - Stops administrators from connecting their GitLab accounts to non-trusted OAuth 2.0 applications that have the api, readapi, readrepository, writerepository, readregistry, write_registry, or sudo scopes. Introduced in GitLab 15.6.
- disable
Feed booleanToken - Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
- disable
Personal booleanAccess Tokens - Disable personal access tokens. Introduced in GitLab 15.7. Self-managed, Premium and Ultimate only. There is no method available to enable a personal access token that’s been disabled through the API. This is a known issue.
- disabled
Oauth string[]Sign In Sources - Disabled OAuth sign-in sources.
- dns
Rebinding booleanProtection Enabled - Enforce DNS rebinding attack protection.
- domain
Allowlists string[] - Force people to use only corporate emails for sign-up. Null means there is no restriction.
- domain
Denylist booleanEnabled - (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
- domain
Denylists string[] - Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
- downstream
Pipeline numberTrigger Limit Per Project User Sha - Maximum downstream pipeline trigger rate. Introduced in GitLab 16.10.
- dsa
Key numberRestriction - The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys.
- duo
Features booleanEnabled - Indicates whether GitLab Duo features are enabled for this instance. Introduced in GitLab 16.10. Self-managed, Premium and Ultimate only.
- ecdsa
Key numberRestriction - The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys.
- ecdsa
Sk numberKey Restriction - The minimum allowed curve size (in bits) of an uploaded ECDSASK key. 0 means no restriction. -1 disables ECDSASK keys.
- ed25519Key
Restriction number - The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys.
- ed25519Sk
Key numberRestriction - The minimum allowed curve size (in bits) of an uploaded ED25519SK key. 0 means no restriction. -1 disables ED25519SK keys.
- eks
Access stringKey Id - AWS IAM access key ID.
- eks
Account stringId - Amazon account ID.
- eks
Integration booleanEnabled - Enable integration with Amazon EKS.
- eks
Secret stringAccess Key - AWS IAM secret access key.
- elasticsearch
Aws boolean - Enable the use of AWS hosted Elasticsearch.
- elasticsearch
Aws stringAccess Key - AWS IAM access key.
- elasticsearch
Aws stringRegion - The AWS region the Elasticsearch domain is configured.
- elasticsearch
Aws stringSecret Access Key - AWS IAM secret access key.
- elasticsearch
Indexed numberField Length Limit - Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
- elasticsearch
Indexed numberFile Size Limit Kb - Maximum size of repository and wiki files that are indexed by Elasticsearch.
- elasticsearch
Indexing boolean - Enable Elasticsearch indexing.
- elasticsearch
Limit booleanIndexing - Limit Elasticsearch to index certain namespaces and projects.
- elasticsearch
Max numberBulk Concurrency - Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
- elasticsearch
Max numberBulk Size Mb - Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
- elasticsearch
Namespace number[]Ids - The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- elasticsearch
Password string - The password of your Elasticsearch instance.
- elasticsearch
Project number[]Ids - The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- elasticsearch
Search boolean - Enable Elasticsearch search.
- elasticsearch
Urls string[] - The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
- elasticsearch
Username string - The username of your Elasticsearch instance.
- email
Additional stringText - Additional text added to the bottom of every email for legal/auditing/compliance reasons.
- boolean
- Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
- enabled
Git stringAccess Protocol - Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
- enforce
Namespace booleanStorage Limit - Enabling this permits enforcement of namespace storage limits.
- enforce
Terms boolean - (If enabled, requires: terms) Enforce application ToS to all users.
- external
Auth stringClient Cert - (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
- external
Auth stringClient Key - Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
- external
Auth stringClient Key Pass - Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
- string
- The default classification label to use when requesting authorization and no classification label has been specified on the project.
- boolean
- (If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
- number
- The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
- string
- URL to which authorization requests are directed.
- external
Pipeline numberValidation Service Timeout - How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
- external
Pipeline stringValidation Service Token - Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
- external
Pipeline stringValidation Service Url - URL to use for pipeline validation requests.
- file
Template numberProject Id - The ID of a project to load custom file templates from.
- first
Day numberOf Week - Start day of the week for calendar views and date pickers. Valid values are 0 for Sunday, 1 for Monday, and 6 for Saturday.
- geo
Node stringAllowed Ips - Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
- geo
Status numberTimeout - The amount of seconds after which a request to get a secondary node status times out.
- git
Rate string[]Limit Users Allowlists - List of usernames excluded from Git anti-abuse rate limits. Maximum: 100 usernames. Introduced in GitLab 15.2.
- git
Two numberFactor Session Expiry - Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
- gitaly
Timeout numberDefault - Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
- gitaly
Timeout numberFast - Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
- gitaly
Timeout numberMedium - Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
- grafana
Enabled boolean - Enable Grafana.
- grafana
Url string - Grafana URL.
- gravatar
Enabled boolean - Enable Gravatar.
- group
Owners booleanCan Manage Default Branch Protection - Prevent overrides of default branch protection.
- hashed
Storage booleanEnabled - Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
- help
Page booleanHide Commercial Content - Hide marketing-related entries from help.
- help
Page stringSupport Url - Alternate support URL for help page and help dropdown.
- help
Page stringText - Custom text displayed on the help page.
- help
Text string - GitLab server administrator information.
- hide
Third booleanParty Offers - Do not display offers from third parties in GitLab.
- home
Page stringUrl - Redirect to this URL when not logged in.
- housekeeping
Enabled boolean - Enable or disable Git housekeeping. If enabled, requires either housekeepingoptimizerepositoryperiod OR housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod. Options housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod are deprecated. Use housekeepingoptimizerepositoryperiod instead.
- housekeeping
Full numberRepack Period - Number of Git pushes after which an incremental git repack is run.
- housekeeping
Gc numberPeriod - Number of Git pushes after which git gc is run.
- housekeeping
Incremental numberRepack Period - Number of Git pushes after which an incremental git repack is run.
- housekeeping
Optimize numberRepository Period - Number of Git pushes after which an incremental git repack is run.
- html
Emails booleanEnabled - Enable HTML emails.
- import
Sources string[] - Sources to allow project import from. Valid values are:
github,bitbucket,bitbucket_server,fogbugz,git,gitlab.Project,gitea,manifest - in
Product booleanMarketing Emails Enabled - Enable in-product marketing emails.
- inactive
Projects numberDelete After Months - If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- inactive
Projects numberMin Size Mb - If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- inactive
Projects numberSend Warning Email After Months - If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- invisible
Captcha booleanEnabled - Enable Invisible CAPTCHA spam detection during sign-up.
- issues
Create numberLimit - Max number of issue creation requests per minute per user.
- keep
Latest booleanArtifact - Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
- local
Markdown numberVersion - Increase this value when any cached Markdown should be invalidated.
- mailgun
Events booleanEnabled - Enable Mailgun event receiver.
- mailgun
Signing stringKey - The Mailgun HTTP webhook signing key for receiving events from webhook.
- maintenance
Mode boolean - When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
- maintenance
Mode stringMessage - Message displayed when instance is in maintenance mode.
- max
Artifacts numberSize - Maximum artifacts size in MB.
- max
Attachment numberSize - Limit attachment size in MB.
- max
Export numberSize - Maximum export size in MB. 0 for unlimited.
- max
Import numberSize - Maximum import size in MB. 0 for unlimited.
- max
Number numberOf Repository Downloads - Maximum number of unique repositories a user can download in the specified time period before they are banned. Maximum: 10,000 repositories. Introduced in GitLab 15.1.
- max
Number numberOf Repository Downloads Within Time Period - Reporting time period (in seconds). Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
- max
Pages numberSize - Maximum size of pages repositories in MB.
- max
Personal numberAccess Token Lifetime - Maximum allowable lifetime for access tokens in days.
- max
Ssh numberKey Lifetime - Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
- max
Terraform numberState Size Bytes - metrics
Method numberCall Threshold - A method call is only tracked when it takes longer than the given amount of milliseconds.
- minimum
Password numberLength - Indicates whether passwords require a minimum length. Introduced in GitLab 15.1. Premium and Ultimate only.
- mirror
Available boolean - Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
- mirror
Capacity numberThreshold - Minimum capacity to be available before scheduling more mirrors preemptively.
- mirror
Max numberCapacity - Maximum number of mirrors that can be synchronizing at the same time.
- mirror
Max numberDelay - Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
- npm
Package booleanRequests Forwarding - Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
- outbound
Local string[]Requests Whitelists - Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
- package
Registry numberCleanup Policies Worker Capacity - Number of workers assigned to the packages cleanup policies.
- pages
Domain booleanVerification Enabled - Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
- password
Authentication booleanEnabled For Git - Enable authentication for Git over HTTP(S) via a GitLab account password.
- password
Authentication booleanEnabled For Web - Enable authentication for the web interface via a GitLab account password.
- password
Lowercase booleanRequired - Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
- password
Number booleanRequired - Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
- password
Symbol booleanRequired - Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
- password
Uppercase booleanRequired - Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
- performance
Bar stringAllowed Group Path - Path of the group that is allowed to toggle the performance bar.
- personal
Access stringToken Prefix - Prefix for all generated personal access tokens.
- pipeline
Limit numberPer Project User Sha - Maximum number of pipeline creation requests per minute per user and commit.
- plantuml
Enabled boolean - (If enabled, requires: plantuml_url) Enable PlantUML integration.
- plantuml
Url string - The PlantUML instance URL for integration.
- polling
Interval numberMultiplier - Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
- project
Export booleanEnabled - Enable project export.
- prometheus
Metrics booleanEnabled - Enable Prometheus metrics.
- protected
Ci booleanVariables - CI/CD variables are protected by default.
- push
Event numberActivities Limit - Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
- push
Event numberHooks Limit - Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
- pypi
Package booleanRequests Forwarding - Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
- rate
Limiting stringResponse Text - When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
- raw
Blob numberRequest Limit - Max number of requests per minute for each raw path. To disable throttling set to 0.
- recaptcha
Enabled boolean - (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
- recaptcha
Private stringKey - Private key for reCAPTCHA.
- recaptcha
Site stringKey - Site key for reCAPTCHA.
- receive
Max numberInput Size - Maximum push size (MB).
- repository
Checks booleanEnabled - GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
- repository
Size numberLimit - Size limit per repository (MB).
- repository
Storages string[] - (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
- repository
Storages {[key: string]: number}Weighted - (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
- require
Admin booleanApproval After User Signup - When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
- require
Two booleanFactor Authentication - (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
- restricted
Visibility string[]Levels - Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Null means there is no restriction.
- rsa
Key numberRestriction - The minimum allowed bit length of an uploaded RSA key. 0 means no restriction. -1 disables RSA keys.
- search
Rate numberLimit - Max number of requests per minute for performing a search while authenticated. To disable throttling set to 0.
- search
Rate numberLimit Unauthenticated - Max number of requests per minute for performing a search while unauthenticated. To disable throttling set to 0.
- send
User booleanConfirmation Email - Send confirmation email on sign-up.
- session
Expire numberDelay - Session duration in minutes. GitLab restart is required to apply changes.
- boolean
- (If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
- number
- Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
- string
- Shared runners text.
- sidekiq
Job numberLimiter Compression Threshold Bytes - The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis.
- sidekiq
Job numberLimiter Limit Bytes - The threshold in bytes at which Sidekiq jobs are rejected. 0 means do not reject any job.
- sidekiq
Job stringLimiter Mode - track or compress. Sets the behavior for Sidekiq job size limits.
- sign
In stringText - Text on the login page.
- signup
Enabled boolean - Enable registration.
- slack
App booleanEnabled - (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
- slack
App stringId - The app ID of the Slack-app.
- slack
App stringSecret - The app secret of the Slack-app.
- slack
App stringSigning Secret - The signing secret of the Slack-app.
- slack
App stringVerification Token - The verification token of the Slack-app.
- snippet
Size numberLimit - Max snippet content size in bytes.
- snowplow
App stringId - The Snowplow site name / application ID. (for example, gitlab)
- snowplow
Collector stringHostname - The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
- string
- The Snowplow cookie domain. (for example, .gitlab.com)
- snowplow
Enabled boolean - Enable snowplow tracking.
- sourcegraph
Enabled boolean - Enables Sourcegraph integration. If enabled, requires sourcegraph_url.
- sourcegraph
Public booleanOnly - Blocks Sourcegraph from being loaded on private and internal projects.
- sourcegraph
Url string - The Sourcegraph instance URL for integration.
- spam
Check stringApi Key - API key used by GitLab for accessing the Spam Check service endpoint.
- spam
Check booleanEndpoint Enabled - Enables spam checking using external Spam Check API endpoint.
- spam
Check stringEndpoint Url - URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
- suggest
Pipeline booleanEnabled - Enable pipeline suggestion banner.
- terminal
Max numberSession Time - Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
- terms string
- (Required by: enforce_terms) Markdown content for the ToS.
- throttle
Authenticated booleanApi Enabled - (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Authenticated numberApi Period In Seconds - Rate limit period (in seconds).
- throttle
Authenticated numberApi Requests Per Period - Maximum requests per period per user.
- throttle
Authenticated booleanPackages Api Enabled - (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- throttle
Authenticated numberPackages Api Period In Seconds - Rate limit period (in seconds). View Package Registry rate limits for more details.
- throttle
Authenticated numberPackages Api Requests Per Period - Maximum requests per period per user. View Package Registry rate limits for more details.
- throttle
Authenticated booleanWeb Enabled - (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Authenticated numberWeb Period In Seconds - Rate limit period (in seconds).
- throttle
Authenticated numberWeb Requests Per Period - Maximum requests per period per user.
- throttle
Unauthenticated booleanApi Enabled - (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Unauthenticated numberApi Period In Seconds - Rate limit period in seconds.
- throttle
Unauthenticated numberApi Requests Per Period - Max requests per period per IP.
- throttle
Unauthenticated booleanPackages Api Enabled - (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- throttle
Unauthenticated numberPackages Api Period In Seconds - Rate limit period (in seconds). View Package Registry rate limits for more details.
- throttle
Unauthenticated numberPackages Api Requests Per Period - Maximum requests per period per user. View Package Registry rate limits for more details.
- throttle
Unauthenticated booleanWeb Enabled - (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Unauthenticated numberWeb Period In Seconds - Rate limit period in seconds.
- throttle
Unauthenticated numberWeb Requests Per Period - Max requests per period per IP.
- time
Tracking booleanLimit To Hours - Limit display of time tracking units to hours.
- two
Factor numberGrace Period - Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
- unique
Ips booleanLimit Enabled - (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
- unique
Ips numberLimit Per User - Maximum number of IPs per user.
- unique
Ips numberLimit Time Window - How many seconds an IP is counted towards the limit.
- usage
Ping booleanEnabled - Every week GitLab reports license usage back to GitLab, Inc.
- user
Deactivation booleanEmails Enabled - Send an email to users upon account deactivation.
- user
Default booleanExternal - Newly registered users are external by default.
- user
Default stringInternal Regex - Specify an email address regex pattern to identify default internal users.
- user
Oauth booleanApplications - Allow users to register any application to use GitLab as an OAuth provider.
- user
Show booleanAdd Ssh Key Message - When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
- version
Check booleanEnabled - Let GitLab inform you when an update is available.
- web
Ide booleanClientside Preview Enabled - Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
- whats
New stringVariant - What’s new variant, possible values: alltiers, currenttier, and disabled.
- wiki
Page numberMax Content Bytes - Maximum wiki page content size in bytes. The minimum value is 1024 bytes.
- abuse_
notification_ stremail - If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
- admin_
mode bool - Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
- after_
sign_ strout_ path - Where to redirect users after logout.
- after_
sign_ strup_ text - Text shown to the user after signing up.
- str
- API key for Akismet spam protection.
- bool
- (If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
- allow_
account_ booldeletion - Set to true to allow users to delete their accounts. Premium and Ultimate only.
- allow_
group_ boolowners_ to_ manage_ ldap - Set to true to allow group owners to manage LDAP.
- allow_
local_ boolrequests_ from_ system_ hooks - Allow requests to the local network from system hooks.
- allow_
local_ boolrequests_ from_ web_ hooks_ and_ services - Allow requests to the local network from web hooks and services.
- allow_
project_ boolcreation_ for_ guest_ and_ below - Indicates whether users assigned up to the Guest role can create groups and personal projects.
- allow_
runner_ boolregistration_ token - Allow using a registration token to create a runner.
- archive_
builds_ strin_ human_ readable - Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
- asciidoc_
max_ intincludes - Maximum limit of AsciiDoc include directives being processed in any one document. Maximum: 64.
- asset_
proxy_ Sequence[str]allowlists - Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
- asset_
proxy_ boolenabled - (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
- asset_
proxy_ strsecret_ key - Shared secret with the asset proxy server. GitLab restart is required to apply changes.
- asset_
proxy_ strurl - URL of the asset proxy server. GitLab restart is required to apply changes.
- bool
- By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
- auto_
ban_ booluser_ on_ excessive_ projects_ download - When enabled, users will get automatically banned from the application when they download more than the maximum number of unique projects in the time period specified by maxnumberofrepositorydownloads and maxnumberofrepositorydownloadswithintime_period respectively. Introduced in GitLab 15.4. Self-managed, Ultimate only.
- auto_
devops_ strdomain - Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
- auto_
devops_ boolenabled - Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
- automatic_
purchased_ boolstorage_ allocation - Enabling this permits automatic allocation of purchased storage in a namespace.
- bulk_
import_ intconcurrent_ pipeline_ batch_ limit - Maximum simultaneous Direct Transfer batches to process.
- bulk_
import_ boolenabled - Enable migrating GitLab groups by direct transfer. Introduced in GitLab 15.8.
- bulk_
import_ intmax_ download_ file_ size - Maximum download file size when importing from source GitLab instances by direct transfer. Introduced in GitLab 16.3.
- can_
create_ boolgroup - Indicates whether users can create top-level groups. Introduced in GitLab 15.5.
- check_
namespace_ boolplan - Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
- ci_
max_ intincludes - The maximum number of includes per pipeline.
- ci_
max_ inttotal_ yaml_ size_ bytes - The maximum amount of memory, in bytes, that can be allocated for the pipeline configuration, with all included YAML configuration files.
- commit_
email_ strhostname - Custom hostname (for private commit emails).
- concurrent_
bitbucket_ intimport_ jobs_ limit - Maximum number of simultaneous import jobs for the Bitbucket Cloud importer. Introduced in GitLab 16.11.
- concurrent_
bitbucket_ intserver_ import_ jobs_ limit - Maximum number of simultaneous import jobs for the Bitbucket Server importer. Introduced in GitLab 16.11.
- concurrent_
github_ intimport_ jobs_ limit - Maximum number of simultaneous import jobs for the GitHub importer. Introduced in GitLab 16.11.
- container_
expiration_ boolpolicies_ enable_ historic_ entries - Enable cleanup policies for all projects.
- int
- The maximum number of tags that can be deleted in a single execution of cleanup policies.
- int
- The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
- container_
registry_ boolexpiration_ policies_ caching - Caching during the execution of cleanup policies.
- container_
registry_ intexpiration_ policies_ worker_ capacity - Number of workers for cleanup policies.
- container_
registry_ inttoken_ expire_ delay - Container Registry token duration in minutes.
- deactivate_
dormant_ boolusers - Enable automatic deactivation of dormant users.
- deactivate_
dormant_ intusers_ period - Length of time (in days) after which a user is considered dormant. Introduced in GitLab 15.3.
- decompress_
archive_ intfile_ timeout - Default timeout for decompressing archived files, in seconds. Set to 0 to disable timeouts. Introduced in GitLab 16.4.
- default_
artifacts_ strexpire_ in - Set the default expiration time for each job’s artifacts.
- default_
branch_ strname - Instance-level custom initial branch name (introduced in GitLab 13.2).
- default_
branch_ intprotection - Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
- default_
branch_ Applicationprotection_ defaults Settings Default Branch Protection Defaults Args - The defaultbranchprotection*defaults attribute describes the default branch protection defaults. All parameters are optional.
- default_
ci_ strconfig_ path - Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
- default_
group_ strvisibility - What visibility level new groups receive. Can take private, internal and public as a parameter.
- default_
preferred_ strlanguage - Default preferred language for users who are not logged in.
- default_
project_ intcreation - Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
- default_
project_ strvisibility - What visibility level new projects receive. Can take private, internal and public as a parameter.
- default_
projects_ intlimit - Project limit per user.
- default_
snippet_ strvisibility - What visibility level new snippets receive. Can take private, internal and public as a parameter.
- default_
syntax_ inthighlighting_ theme - Default syntax highlighting theme for users who are new or not signed in. See IDs of available themes (https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/themes.rb#L16)
- delete_
inactive_ boolprojects - Enable inactive project deletion feature. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion).
- delete_
unconfirmed_ boolusers - Specifies whether users who have not confirmed their email should be deleted. When set to true, unconfirmed users are deleted after unconfirmedusersdeleteafterdays days. Introduced in GitLab 16.1. Self-managed, Premium and Ultimate only.
- deletion_
adjourned_ intperiod - The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90.
- diagramsnet_
enabled bool - (If enabled, requires diagramsnet_url) Enable Diagrams.net integration.
- diagramsnet_
url str - The Diagrams.net instance URL for integration.
- diff_
max_ intfiles - Maximum files in a diff.
- diff_
max_ intlines - Maximum lines in a diff.
- diff_
max_ intpatch_ bytes - Maximum diff patch size, in bytes.
- disable_
admin_ booloauth_ scopes - Stops administrators from connecting their GitLab accounts to non-trusted OAuth 2.0 applications that have the api, readapi, readrepository, writerepository, readregistry, write_registry, or sudo scopes. Introduced in GitLab 15.6.
- disable_
feed_ booltoken - Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
- disable_
personal_ boolaccess_ tokens - Disable personal access tokens. Introduced in GitLab 15.7. Self-managed, Premium and Ultimate only. There is no method available to enable a personal access token that’s been disabled through the API. This is a known issue.
- disabled_
oauth_ Sequence[str]sign_ in_ sources - Disabled OAuth sign-in sources.
- dns_
rebinding_ boolprotection_ enabled - Enforce DNS rebinding attack protection.
- domain_
allowlists Sequence[str] - Force people to use only corporate emails for sign-up. Null means there is no restriction.
- domain_
denylist_ boolenabled - (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
- domain_
denylists Sequence[str] - Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
- downstream_
pipeline_ inttrigger_ limit_ per_ project_ user_ sha - Maximum downstream pipeline trigger rate. Introduced in GitLab 16.10.
- dsa_
key_ intrestriction - The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys.
- duo_
features_ boolenabled - Indicates whether GitLab Duo features are enabled for this instance. Introduced in GitLab 16.10. Self-managed, Premium and Ultimate only.
- ecdsa_
key_ intrestriction - The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys.
- ecdsa_
sk_ intkey_ restriction - The minimum allowed curve size (in bits) of an uploaded ECDSASK key. 0 means no restriction. -1 disables ECDSASK keys.
- ed25519_
key_ intrestriction - The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys.
- ed25519_
sk_ intkey_ restriction - The minimum allowed curve size (in bits) of an uploaded ED25519SK key. 0 means no restriction. -1 disables ED25519SK keys.
- eks_
access_ strkey_ id - AWS IAM access key ID.
- eks_
account_ strid - Amazon account ID.
- eks_
integration_ boolenabled - Enable integration with Amazon EKS.
- eks_
secret_ straccess_ key - AWS IAM secret access key.
- elasticsearch_
aws bool - Enable the use of AWS hosted Elasticsearch.
- elasticsearch_
aws_ straccess_ key - AWS IAM access key.
- elasticsearch_
aws_ strregion - The AWS region the Elasticsearch domain is configured.
- elasticsearch_
aws_ strsecret_ access_ key - AWS IAM secret access key.
- elasticsearch_
indexed_ intfield_ length_ limit - Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
- elasticsearch_
indexed_ intfile_ size_ limit_ kb - Maximum size of repository and wiki files that are indexed by Elasticsearch.
- elasticsearch_
indexing bool - Enable Elasticsearch indexing.
- elasticsearch_
limit_ boolindexing - Limit Elasticsearch to index certain namespaces and projects.
- elasticsearch_
max_ intbulk_ concurrency - Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
- elasticsearch_
max_ intbulk_ size_ mb - Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
- elasticsearch_
namespace_ Sequence[int]ids - The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- elasticsearch_
password str - The password of your Elasticsearch instance.
- elasticsearch_
project_ Sequence[int]ids - The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- elasticsearch_
search bool - Enable Elasticsearch search.
- elasticsearch_
urls Sequence[str] - The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
- elasticsearch_
username str - The username of your Elasticsearch instance.
- email_
additional_ strtext - Additional text added to the bottom of every email for legal/auditing/compliance reasons.
- bool
- Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
- enabled_
git_ straccess_ protocol - Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
- enforce_
namespace_ boolstorage_ limit - Enabling this permits enforcement of namespace storage limits.
- enforce_
terms bool - (If enabled, requires: terms) Enforce application ToS to all users.
- external_
auth_ strclient_ cert - (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
- external_
auth_ strclient_ key - Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
- external_
auth_ strclient_ key_ pass - Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
- str
- The default classification label to use when requesting authorization and no classification label has been specified on the project.
- bool
- (If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
- float
- The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
- str
- URL to which authorization requests are directed.
- external_
pipeline_ intvalidation_ service_ timeout - How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
- external_
pipeline_ strvalidation_ service_ token - Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
- external_
pipeline_ strvalidation_ service_ url - URL to use for pipeline validation requests.
- file_
template_ intproject_ id - The ID of a project to load custom file templates from.
- first_
day_ intof_ week - Start day of the week for calendar views and date pickers. Valid values are 0 for Sunday, 1 for Monday, and 6 for Saturday.
- geo_
node_ strallowed_ ips - Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
- geo_
status_ inttimeout - The amount of seconds after which a request to get a secondary node status times out.
- git_
rate_ Sequence[str]limit_ users_ allowlists - List of usernames excluded from Git anti-abuse rate limits. Maximum: 100 usernames. Introduced in GitLab 15.2.
- git_
two_ intfactor_ session_ expiry - Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
- gitaly_
timeout_ intdefault - Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
- gitaly_
timeout_ intfast - Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
- gitaly_
timeout_ intmedium - Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
- grafana_
enabled bool - Enable Grafana.
- grafana_
url str - Grafana URL.
- gravatar_
enabled bool - Enable Gravatar.
- group_
owners_ boolcan_ manage_ default_ branch_ protection - Prevent overrides of default branch protection.
- hashed_
storage_ boolenabled - Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
- help_
page_ boolhide_ commercial_ content - Hide marketing-related entries from help.
- help_
page_ strsupport_ url - Alternate support URL for help page and help dropdown.
- help_
page_ strtext - Custom text displayed on the help page.
- help_
text str - GitLab server administrator information.
- hide_
third_ boolparty_ offers - Do not display offers from third parties in GitLab.
- home_
page_ strurl - Redirect to this URL when not logged in.
- housekeeping_
enabled bool - Enable or disable Git housekeeping. If enabled, requires either housekeepingoptimizerepositoryperiod OR housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod. Options housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod are deprecated. Use housekeepingoptimizerepositoryperiod instead.
- housekeeping_
full_ intrepack_ period - Number of Git pushes after which an incremental git repack is run.
- housekeeping_
gc_ intperiod - Number of Git pushes after which git gc is run.
- housekeeping_
incremental_ intrepack_ period - Number of Git pushes after which an incremental git repack is run.
- housekeeping_
optimize_ intrepository_ period - Number of Git pushes after which an incremental git repack is run.
- html_
emails_ boolenabled - Enable HTML emails.
- import_
sources Sequence[str] - Sources to allow project import from. Valid values are:
github,bitbucket,bitbucket_server,fogbugz,git,gitlab.Project,gitea,manifest - in_
product_ boolmarketing_ emails_ enabled - Enable in-product marketing emails.
- inactive_
projects_ intdelete_ after_ months - If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- inactive_
projects_ intmin_ size_ mb - If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- inactive_
projects_ intsend_ warning_ email_ after_ months - If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- invisible_
captcha_ boolenabled - Enable Invisible CAPTCHA spam detection during sign-up.
- issues_
create_ intlimit - Max number of issue creation requests per minute per user.
- keep_
latest_ boolartifact - Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
- local_
markdown_ intversion - Increase this value when any cached Markdown should be invalidated.
- mailgun_
events_ boolenabled - Enable Mailgun event receiver.
- mailgun_
signing_ strkey - The Mailgun HTTP webhook signing key for receiving events from webhook.
- maintenance_
mode bool - When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
- maintenance_
mode_ strmessage - Message displayed when instance is in maintenance mode.
- max_
artifacts_ intsize - Maximum artifacts size in MB.
- max_
attachment_ intsize - Limit attachment size in MB.
- max_
export_ intsize - Maximum export size in MB. 0 for unlimited.
- max_
import_ intsize - Maximum import size in MB. 0 for unlimited.
- max_
number_ intof_ repository_ downloads - Maximum number of unique repositories a user can download in the specified time period before they are banned. Maximum: 10,000 repositories. Introduced in GitLab 15.1.
- max_
number_ intof_ repository_ downloads_ within_ time_ period - Reporting time period (in seconds). Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
- max_
pages_ intsize - Maximum size of pages repositories in MB.
- max_
personal_ intaccess_ token_ lifetime - Maximum allowable lifetime for access tokens in days.
- max_
ssh_ intkey_ lifetime - Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
- max_
terraform_ intstate_ size_ bytes - metrics_
method_ intcall_ threshold - A method call is only tracked when it takes longer than the given amount of milliseconds.
- minimum_
password_ intlength - Indicates whether passwords require a minimum length. Introduced in GitLab 15.1. Premium and Ultimate only.
- mirror_
available bool - Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
- mirror_
capacity_ intthreshold - Minimum capacity to be available before scheduling more mirrors preemptively.
- mirror_
max_ intcapacity - Maximum number of mirrors that can be synchronizing at the same time.
- mirror_
max_ intdelay - Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
- npm_
package_ boolrequests_ forwarding - Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
- outbound_
local_ Sequence[str]requests_ whitelists - Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
- package_
registry_ intcleanup_ policies_ worker_ capacity - Number of workers assigned to the packages cleanup policies.
- pages_
domain_ boolverification_ enabled - Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
- password_
authentication_ boolenabled_ for_ git - Enable authentication for Git over HTTP(S) via a GitLab account password.
- password_
authentication_ boolenabled_ for_ web - Enable authentication for the web interface via a GitLab account password.
- password_
lowercase_ boolrequired - Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
- password_
number_ boolrequired - Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
- password_
symbol_ boolrequired - Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
- password_
uppercase_ boolrequired - Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
- performance_
bar_ strallowed_ group_ path - Path of the group that is allowed to toggle the performance bar.
- personal_
access_ strtoken_ prefix - Prefix for all generated personal access tokens.
- pipeline_
limit_ intper_ project_ user_ sha - Maximum number of pipeline creation requests per minute per user and commit.
- plantuml_
enabled bool - (If enabled, requires: plantuml_url) Enable PlantUML integration.
- plantuml_
url str - The PlantUML instance URL for integration.
- polling_
interval_ floatmultiplier - Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
- project_
export_ boolenabled - Enable project export.
- prometheus_
metrics_ boolenabled - Enable Prometheus metrics.
- protected_
ci_ boolvariables - CI/CD variables are protected by default.
- push_
event_ intactivities_ limit - Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
- push_
event_ inthooks_ limit - Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
- pypi_
package_ boolrequests_ forwarding - Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
- rate_
limiting_ strresponse_ text - When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
- raw_
blob_ intrequest_ limit - Max number of requests per minute for each raw path. To disable throttling set to 0.
- recaptcha_
enabled bool - (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
- recaptcha_
private_ strkey - Private key for reCAPTCHA.
- recaptcha_
site_ strkey - Site key for reCAPTCHA.
- receive_
max_ intinput_ size - Maximum push size (MB).
- repository_
checks_ boolenabled - GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
- repository_
size_ intlimit - Size limit per repository (MB).
- repository_
storages Sequence[str] - (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
- repository_
storages_ Mapping[str, int]weighted - (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
- require_
admin_ boolapproval_ after_ user_ signup - When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
- require_
two_ boolfactor_ authentication - (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
- restricted_
visibility_ Sequence[str]levels - Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Null means there is no restriction.
- rsa_
key_ intrestriction - The minimum allowed bit length of an uploaded RSA key. 0 means no restriction. -1 disables RSA keys.
- search_
rate_ intlimit - Max number of requests per minute for performing a search while authenticated. To disable throttling set to 0.
- search_
rate_ intlimit_ unauthenticated - Max number of requests per minute for performing a search while unauthenticated. To disable throttling set to 0.
- send_
user_ boolconfirmation_ email - Send confirmation email on sign-up.
- session_
expire_ intdelay - Session duration in minutes. GitLab restart is required to apply changes.
- bool
- (If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
- int
- Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
- str
- Shared runners text.
- sidekiq_
job_ intlimiter_ compression_ threshold_ bytes - The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis.
- sidekiq_
job_ intlimiter_ limit_ bytes - The threshold in bytes at which Sidekiq jobs are rejected. 0 means do not reject any job.
- sidekiq_
job_ strlimiter_ mode - track or compress. Sets the behavior for Sidekiq job size limits.
- sign_
in_ strtext - Text on the login page.
- signup_
enabled bool - Enable registration.
- slack_
app_ boolenabled - (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
- slack_
app_ strid - The app ID of the Slack-app.
- slack_
app_ strsecret - The app secret of the Slack-app.
- slack_
app_ strsigning_ secret - The signing secret of the Slack-app.
- slack_
app_ strverification_ token - The verification token of the Slack-app.
- snippet_
size_ intlimit - Max snippet content size in bytes.
- snowplow_
app_ strid - The Snowplow site name / application ID. (for example, gitlab)
- snowplow_
collector_ strhostname - The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
- str
- The Snowplow cookie domain. (for example, .gitlab.com)
- snowplow_
enabled bool - Enable snowplow tracking.
- sourcegraph_
enabled bool - Enables Sourcegraph integration. If enabled, requires sourcegraph_url.
- sourcegraph_
public_ boolonly - Blocks Sourcegraph from being loaded on private and internal projects.
- sourcegraph_
url str - The Sourcegraph instance URL for integration.
- spam_
check_ strapi_ key - API key used by GitLab for accessing the Spam Check service endpoint.
- spam_
check_ boolendpoint_ enabled - Enables spam checking using external Spam Check API endpoint.
- spam_
check_ strendpoint_ url - URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
- suggest_
pipeline_ boolenabled - Enable pipeline suggestion banner.
- terminal_
max_ intsession_ time - Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
- terms str
- (Required by: enforce_terms) Markdown content for the ToS.
- throttle_
authenticated_ boolapi_ enabled - (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle_
authenticated_ intapi_ period_ in_ seconds - Rate limit period (in seconds).
- throttle_
authenticated_ intapi_ requests_ per_ period - Maximum requests per period per user.
- throttle_
authenticated_ boolpackages_ api_ enabled - (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- throttle_
authenticated_ intpackages_ api_ period_ in_ seconds - Rate limit period (in seconds). View Package Registry rate limits for more details.
- throttle_
authenticated_ intpackages_ api_ requests_ per_ period - Maximum requests per period per user. View Package Registry rate limits for more details.
- throttle_
authenticated_ boolweb_ enabled - (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle_
authenticated_ intweb_ period_ in_ seconds - Rate limit period (in seconds).
- throttle_
authenticated_ intweb_ requests_ per_ period - Maximum requests per period per user.
- throttle_
unauthenticated_ boolapi_ enabled - (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle_
unauthenticated_ intapi_ period_ in_ seconds - Rate limit period in seconds.
- throttle_
unauthenticated_ intapi_ requests_ per_ period - Max requests per period per IP.
- throttle_
unauthenticated_ boolpackages_ api_ enabled - (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- throttle_
unauthenticated_ intpackages_ api_ period_ in_ seconds - Rate limit period (in seconds). View Package Registry rate limits for more details.
- throttle_
unauthenticated_ intpackages_ api_ requests_ per_ period - Maximum requests per period per user. View Package Registry rate limits for more details.
- throttle_
unauthenticated_ boolweb_ enabled - (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle_
unauthenticated_ intweb_ period_ in_ seconds - Rate limit period in seconds.
- throttle_
unauthenticated_ intweb_ requests_ per_ period - Max requests per period per IP.
- time_
tracking_ boollimit_ to_ hours - Limit display of time tracking units to hours.
- two_
factor_ intgrace_ period - Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
- unique_
ips_ boollimit_ enabled - (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
- unique_
ips_ intlimit_ per_ user - Maximum number of IPs per user.
- unique_
ips_ intlimit_ time_ window - How many seconds an IP is counted towards the limit.
- usage_
ping_ boolenabled - Every week GitLab reports license usage back to GitLab, Inc.
- user_
deactivation_ boolemails_ enabled - Send an email to users upon account deactivation.
- user_
default_ boolexternal - Newly registered users are external by default.
- user_
default_ strinternal_ regex - Specify an email address regex pattern to identify default internal users.
- user_
oauth_ boolapplications - Allow users to register any application to use GitLab as an OAuth provider.
- user_
show_ booladd_ ssh_ key_ message - When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
- version_
check_ boolenabled - Let GitLab inform you when an update is available.
- web_
ide_ boolclientside_ preview_ enabled - Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
- whats_
new_ strvariant - What’s new variant, possible values: alltiers, currenttier, and disabled.
- wiki_
page_ intmax_ content_ bytes - Maximum wiki page content size in bytes. The minimum value is 1024 bytes.
- abuse
Notification StringEmail - If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
- admin
Mode Boolean - Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
- after
Sign StringOut Path - Where to redirect users after logout.
- after
Sign StringUp Text - Text shown to the user after signing up.
- String
- API key for Akismet spam protection.
- Boolean
- (If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
- allow
Account BooleanDeletion - Set to true to allow users to delete their accounts. Premium and Ultimate only.
- allow
Group BooleanOwners To Manage Ldap - Set to true to allow group owners to manage LDAP.
- allow
Local BooleanRequests From System Hooks - Allow requests to the local network from system hooks.
- allow
Local BooleanRequests From Web Hooks And Services - Allow requests to the local network from web hooks and services.
- allow
Project BooleanCreation For Guest And Below - Indicates whether users assigned up to the Guest role can create groups and personal projects.
- allow
Runner BooleanRegistration Token - Allow using a registration token to create a runner.
- archive
Builds StringIn Human Readable - Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
- asciidoc
Max NumberIncludes - Maximum limit of AsciiDoc include directives being processed in any one document. Maximum: 64.
- asset
Proxy List<String>Allowlists - Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
- asset
Proxy BooleanEnabled - (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
- asset
Proxy StringSecret Key - Shared secret with the asset proxy server. GitLab restart is required to apply changes.
- asset
Proxy StringUrl - URL of the asset proxy server. GitLab restart is required to apply changes.
- Boolean
- By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
- auto
Ban BooleanUser On Excessive Projects Download - When enabled, users will get automatically banned from the application when they download more than the maximum number of unique projects in the time period specified by maxnumberofrepositorydownloads and maxnumberofrepositorydownloadswithintime_period respectively. Introduced in GitLab 15.4. Self-managed, Ultimate only.
- auto
Devops StringDomain - Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
- auto
Devops BooleanEnabled - Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
- automatic
Purchased BooleanStorage Allocation - Enabling this permits automatic allocation of purchased storage in a namespace.
- bulk
Import NumberConcurrent Pipeline Batch Limit - Maximum simultaneous Direct Transfer batches to process.
- bulk
Import BooleanEnabled - Enable migrating GitLab groups by direct transfer. Introduced in GitLab 15.8.
- bulk
Import NumberMax Download File Size - Maximum download file size when importing from source GitLab instances by direct transfer. Introduced in GitLab 16.3.
- can
Create BooleanGroup - Indicates whether users can create top-level groups. Introduced in GitLab 15.5.
- check
Namespace BooleanPlan - Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
- ci
Max NumberIncludes - The maximum number of includes per pipeline.
- ci
Max NumberTotal Yaml Size Bytes - The maximum amount of memory, in bytes, that can be allocated for the pipeline configuration, with all included YAML configuration files.
- commit
Email StringHostname - Custom hostname (for private commit emails).
- concurrent
Bitbucket NumberImport Jobs Limit - Maximum number of simultaneous import jobs for the Bitbucket Cloud importer. Introduced in GitLab 16.11.
- concurrent
Bitbucket NumberServer Import Jobs Limit - Maximum number of simultaneous import jobs for the Bitbucket Server importer. Introduced in GitLab 16.11.
- concurrent
Github NumberImport Jobs Limit - Maximum number of simultaneous import jobs for the GitHub importer. Introduced in GitLab 16.11.
- container
Expiration BooleanPolicies Enable Historic Entries - Enable cleanup policies for all projects.
- Number
- The maximum number of tags that can be deleted in a single execution of cleanup policies.
- Number
- The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
- container
Registry BooleanExpiration Policies Caching - Caching during the execution of cleanup policies.
- container
Registry NumberExpiration Policies Worker Capacity - Number of workers for cleanup policies.
- container
Registry NumberToken Expire Delay - Container Registry token duration in minutes.
- deactivate
Dormant BooleanUsers - Enable automatic deactivation of dormant users.
- deactivate
Dormant NumberUsers Period - Length of time (in days) after which a user is considered dormant. Introduced in GitLab 15.3.
- decompress
Archive NumberFile Timeout - Default timeout for decompressing archived files, in seconds. Set to 0 to disable timeouts. Introduced in GitLab 16.4.
- default
Artifacts StringExpire In - Set the default expiration time for each job’s artifacts.
- default
Branch StringName - Instance-level custom initial branch name (introduced in GitLab 13.2).
- default
Branch NumberProtection - Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
- default
Branch Property MapProtection Defaults - The defaultbranchprotection*defaults attribute describes the default branch protection defaults. All parameters are optional.
- default
Ci StringConfig Path - Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
- default
Group StringVisibility - What visibility level new groups receive. Can take private, internal and public as a parameter.
- default
Preferred StringLanguage - Default preferred language for users who are not logged in.
- default
Project NumberCreation - Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
- default
Project StringVisibility - What visibility level new projects receive. Can take private, internal and public as a parameter.
- default
Projects NumberLimit - Project limit per user.
- default
Snippet StringVisibility - What visibility level new snippets receive. Can take private, internal and public as a parameter.
- default
Syntax NumberHighlighting Theme - Default syntax highlighting theme for users who are new or not signed in. See IDs of available themes (https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/themes.rb#L16)
- delete
Inactive BooleanProjects - Enable inactive project deletion feature. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion).
- delete
Unconfirmed BooleanUsers - Specifies whether users who have not confirmed their email should be deleted. When set to true, unconfirmed users are deleted after unconfirmedusersdeleteafterdays days. Introduced in GitLab 16.1. Self-managed, Premium and Ultimate only.
- deletion
Adjourned NumberPeriod - The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90.
- diagramsnet
Enabled Boolean - (If enabled, requires diagramsnet_url) Enable Diagrams.net integration.
- diagramsnet
Url String - The Diagrams.net instance URL for integration.
- diff
Max NumberFiles - Maximum files in a diff.
- diff
Max NumberLines - Maximum lines in a diff.
- diff
Max NumberPatch Bytes - Maximum diff patch size, in bytes.
- disable
Admin BooleanOauth Scopes - Stops administrators from connecting their GitLab accounts to non-trusted OAuth 2.0 applications that have the api, readapi, readrepository, writerepository, readregistry, write_registry, or sudo scopes. Introduced in GitLab 15.6.
- disable
Feed BooleanToken - Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
- disable
Personal BooleanAccess Tokens - Disable personal access tokens. Introduced in GitLab 15.7. Self-managed, Premium and Ultimate only. There is no method available to enable a personal access token that’s been disabled through the API. This is a known issue.
- disabled
Oauth List<String>Sign In Sources - Disabled OAuth sign-in sources.
- dns
Rebinding BooleanProtection Enabled - Enforce DNS rebinding attack protection.
- domain
Allowlists List<String> - Force people to use only corporate emails for sign-up. Null means there is no restriction.
- domain
Denylist BooleanEnabled - (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
- domain
Denylists List<String> - Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
- downstream
Pipeline NumberTrigger Limit Per Project User Sha - Maximum downstream pipeline trigger rate. Introduced in GitLab 16.10.
- dsa
Key NumberRestriction - The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys.
- duo
Features BooleanEnabled - Indicates whether GitLab Duo features are enabled for this instance. Introduced in GitLab 16.10. Self-managed, Premium and Ultimate only.
- ecdsa
Key NumberRestriction - The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys.
- ecdsa
Sk NumberKey Restriction - The minimum allowed curve size (in bits) of an uploaded ECDSASK key. 0 means no restriction. -1 disables ECDSASK keys.
- ed25519Key
Restriction Number - The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys.
- ed25519Sk
Key NumberRestriction - The minimum allowed curve size (in bits) of an uploaded ED25519SK key. 0 means no restriction. -1 disables ED25519SK keys.
- eks
Access StringKey Id - AWS IAM access key ID.
- eks
Account StringId - Amazon account ID.
- eks
Integration BooleanEnabled - Enable integration with Amazon EKS.
- eks
Secret StringAccess Key - AWS IAM secret access key.
- elasticsearch
Aws Boolean - Enable the use of AWS hosted Elasticsearch.
- elasticsearch
Aws StringAccess Key - AWS IAM access key.
- elasticsearch
Aws StringRegion - The AWS region the Elasticsearch domain is configured.
- elasticsearch
Aws StringSecret Access Key - AWS IAM secret access key.
- elasticsearch
Indexed NumberField Length Limit - Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
- elasticsearch
Indexed NumberFile Size Limit Kb - Maximum size of repository and wiki files that are indexed by Elasticsearch.
- elasticsearch
Indexing Boolean - Enable Elasticsearch indexing.
- elasticsearch
Limit BooleanIndexing - Limit Elasticsearch to index certain namespaces and projects.
- elasticsearch
Max NumberBulk Concurrency - Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
- elasticsearch
Max NumberBulk Size Mb - Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
- elasticsearch
Namespace List<Number>Ids - The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- elasticsearch
Password String - The password of your Elasticsearch instance.
- elasticsearch
Project List<Number>Ids - The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- elasticsearch
Search Boolean - Enable Elasticsearch search.
- elasticsearch
Urls List<String> - The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
- elasticsearch
Username String - The username of your Elasticsearch instance.
- email
Additional StringText - Additional text added to the bottom of every email for legal/auditing/compliance reasons.
- Boolean
- Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
- enabled
Git StringAccess Protocol - Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
- enforce
Namespace BooleanStorage Limit - Enabling this permits enforcement of namespace storage limits.
- enforce
Terms Boolean - (If enabled, requires: terms) Enforce application ToS to all users.
- external
Auth StringClient Cert - (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
- external
Auth StringClient Key - Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
- external
Auth StringClient Key Pass - Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
- String
- The default classification label to use when requesting authorization and no classification label has been specified on the project.
- Boolean
- (If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
- Number
- The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
- String
- URL to which authorization requests are directed.
- external
Pipeline NumberValidation Service Timeout - How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
- external
Pipeline StringValidation Service Token - Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
- external
Pipeline StringValidation Service Url - URL to use for pipeline validation requests.
- file
Template NumberProject Id - The ID of a project to load custom file templates from.
- first
Day NumberOf Week - Start day of the week for calendar views and date pickers. Valid values are 0 for Sunday, 1 for Monday, and 6 for Saturday.
- geo
Node StringAllowed Ips - Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
- geo
Status NumberTimeout - The amount of seconds after which a request to get a secondary node status times out.
- git
Rate List<String>Limit Users Allowlists - List of usernames excluded from Git anti-abuse rate limits. Maximum: 100 usernames. Introduced in GitLab 15.2.
- git
Two NumberFactor Session Expiry - Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
- gitaly
Timeout NumberDefault - Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
- gitaly
Timeout NumberFast - Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
- gitaly
Timeout NumberMedium - Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
- grafana
Enabled Boolean - Enable Grafana.
- grafana
Url String - Grafana URL.
- gravatar
Enabled Boolean - Enable Gravatar.
- group
Owners BooleanCan Manage Default Branch Protection - Prevent overrides of default branch protection.
- hashed
Storage BooleanEnabled - Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
- help
Page BooleanHide Commercial Content - Hide marketing-related entries from help.
- help
Page StringSupport Url - Alternate support URL for help page and help dropdown.
- help
Page StringText - Custom text displayed on the help page.
- help
Text String - GitLab server administrator information.
- hide
Third BooleanParty Offers - Do not display offers from third parties in GitLab.
- home
Page StringUrl - Redirect to this URL when not logged in.
- housekeeping
Enabled Boolean - Enable or disable Git housekeeping. If enabled, requires either housekeepingoptimizerepositoryperiod OR housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod. Options housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod are deprecated. Use housekeepingoptimizerepositoryperiod instead.
- housekeeping
Full NumberRepack Period - Number of Git pushes after which an incremental git repack is run.
- housekeeping
Gc NumberPeriod - Number of Git pushes after which git gc is run.
- housekeeping
Incremental NumberRepack Period - Number of Git pushes after which an incremental git repack is run.
- housekeeping
Optimize NumberRepository Period - Number of Git pushes after which an incremental git repack is run.
- html
Emails BooleanEnabled - Enable HTML emails.
- import
Sources List<String> - Sources to allow project import from. Valid values are:
github,bitbucket,bitbucket_server,fogbugz,git,gitlab.Project,gitea,manifest - in
Product BooleanMarketing Emails Enabled - Enable in-product marketing emails.
- inactive
Projects NumberDelete After Months - If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- inactive
Projects NumberMin Size Mb - If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- inactive
Projects NumberSend Warning Email After Months - If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- invisible
Captcha BooleanEnabled - Enable Invisible CAPTCHA spam detection during sign-up.
- issues
Create NumberLimit - Max number of issue creation requests per minute per user.
- keep
Latest BooleanArtifact - Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
- local
Markdown NumberVersion - Increase this value when any cached Markdown should be invalidated.
- mailgun
Events BooleanEnabled - Enable Mailgun event receiver.
- mailgun
Signing StringKey - The Mailgun HTTP webhook signing key for receiving events from webhook.
- maintenance
Mode Boolean - When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
- maintenance
Mode StringMessage - Message displayed when instance is in maintenance mode.
- max
Artifacts NumberSize - Maximum artifacts size in MB.
- max
Attachment NumberSize - Limit attachment size in MB.
- max
Export NumberSize - Maximum export size in MB. 0 for unlimited.
- max
Import NumberSize - Maximum import size in MB. 0 for unlimited.
- max
Number NumberOf Repository Downloads - Maximum number of unique repositories a user can download in the specified time period before they are banned. Maximum: 10,000 repositories. Introduced in GitLab 15.1.
- max
Number NumberOf Repository Downloads Within Time Period - Reporting time period (in seconds). Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
- max
Pages NumberSize - Maximum size of pages repositories in MB.
- max
Personal NumberAccess Token Lifetime - Maximum allowable lifetime for access tokens in days.
- max
Ssh NumberKey Lifetime - Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
- max
Terraform NumberState Size Bytes - metrics
Method NumberCall Threshold - A method call is only tracked when it takes longer than the given amount of milliseconds.
- minimum
Password NumberLength - Indicates whether passwords require a minimum length. Introduced in GitLab 15.1. Premium and Ultimate only.
- mirror
Available Boolean - Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
- mirror
Capacity NumberThreshold - Minimum capacity to be available before scheduling more mirrors preemptively.
- mirror
Max NumberCapacity - Maximum number of mirrors that can be synchronizing at the same time.
- mirror
Max NumberDelay - Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
- npm
Package BooleanRequests Forwarding - Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
- outbound
Local List<String>Requests Whitelists - Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
- package
Registry NumberCleanup Policies Worker Capacity - Number of workers assigned to the packages cleanup policies.
- pages
Domain BooleanVerification Enabled - Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
- password
Authentication BooleanEnabled For Git - Enable authentication for Git over HTTP(S) via a GitLab account password.
- password
Authentication BooleanEnabled For Web - Enable authentication for the web interface via a GitLab account password.
- password
Lowercase BooleanRequired - Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
- password
Number BooleanRequired - Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
- password
Symbol BooleanRequired - Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
- password
Uppercase BooleanRequired - Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
- performance
Bar StringAllowed Group Path - Path of the group that is allowed to toggle the performance bar.
- personal
Access StringToken Prefix - Prefix for all generated personal access tokens.
- pipeline
Limit NumberPer Project User Sha - Maximum number of pipeline creation requests per minute per user and commit.
- plantuml
Enabled Boolean - (If enabled, requires: plantuml_url) Enable PlantUML integration.
- plantuml
Url String - The PlantUML instance URL for integration.
- polling
Interval NumberMultiplier - Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
- project
Export BooleanEnabled - Enable project export.
- prometheus
Metrics BooleanEnabled - Enable Prometheus metrics.
- protected
Ci BooleanVariables - CI/CD variables are protected by default.
- push
Event NumberActivities Limit - Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
- push
Event NumberHooks Limit - Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
- pypi
Package BooleanRequests Forwarding - Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
- rate
Limiting StringResponse Text - When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
- raw
Blob NumberRequest Limit - Max number of requests per minute for each raw path. To disable throttling set to 0.
- recaptcha
Enabled Boolean - (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
- recaptcha
Private StringKey - Private key for reCAPTCHA.
- recaptcha
Site StringKey - Site key for reCAPTCHA.
- receive
Max NumberInput Size - Maximum push size (MB).
- repository
Checks BooleanEnabled - GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
- repository
Size NumberLimit - Size limit per repository (MB).
- repository
Storages List<String> - (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
- repository
Storages Map<Number>Weighted - (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
- require
Admin BooleanApproval After User Signup - When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
- require
Two BooleanFactor Authentication - (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
- restricted
Visibility List<String>Levels - Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Null means there is no restriction.
- rsa
Key NumberRestriction - The minimum allowed bit length of an uploaded RSA key. 0 means no restriction. -1 disables RSA keys.
- search
Rate NumberLimit - Max number of requests per minute for performing a search while authenticated. To disable throttling set to 0.
- search
Rate NumberLimit Unauthenticated - Max number of requests per minute for performing a search while unauthenticated. To disable throttling set to 0.
- send
User BooleanConfirmation Email - Send confirmation email on sign-up.
- session
Expire NumberDelay - Session duration in minutes. GitLab restart is required to apply changes.
- Boolean
- (If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
- Number
- Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
- String
- Shared runners text.
- sidekiq
Job NumberLimiter Compression Threshold Bytes - The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis.
- sidekiq
Job NumberLimiter Limit Bytes - The threshold in bytes at which Sidekiq jobs are rejected. 0 means do not reject any job.
- sidekiq
Job StringLimiter Mode - track or compress. Sets the behavior for Sidekiq job size limits.
- sign
In StringText - Text on the login page.
- signup
Enabled Boolean - Enable registration.
- slack
App BooleanEnabled - (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
- slack
App StringId - The app ID of the Slack-app.
- slack
App StringSecret - The app secret of the Slack-app.
- slack
App StringSigning Secret - The signing secret of the Slack-app.
- slack
App StringVerification Token - The verification token of the Slack-app.
- snippet
Size NumberLimit - Max snippet content size in bytes.
- snowplow
App StringId - The Snowplow site name / application ID. (for example, gitlab)
- snowplow
Collector StringHostname - The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
- String
- The Snowplow cookie domain. (for example, .gitlab.com)
- snowplow
Enabled Boolean - Enable snowplow tracking.
- sourcegraph
Enabled Boolean - Enables Sourcegraph integration. If enabled, requires sourcegraph_url.
- sourcegraph
Public BooleanOnly - Blocks Sourcegraph from being loaded on private and internal projects.
- sourcegraph
Url String - The Sourcegraph instance URL for integration.
- spam
Check StringApi Key - API key used by GitLab for accessing the Spam Check service endpoint.
- spam
Check BooleanEndpoint Enabled - Enables spam checking using external Spam Check API endpoint.
- spam
Check StringEndpoint Url - URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
- suggest
Pipeline BooleanEnabled - Enable pipeline suggestion banner.
- terminal
Max NumberSession Time - Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
- terms String
- (Required by: enforce_terms) Markdown content for the ToS.
- throttle
Authenticated BooleanApi Enabled - (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Authenticated NumberApi Period In Seconds - Rate limit period (in seconds).
- throttle
Authenticated NumberApi Requests Per Period - Maximum requests per period per user.
- throttle
Authenticated BooleanPackages Api Enabled - (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- throttle
Authenticated NumberPackages Api Period In Seconds - Rate limit period (in seconds). View Package Registry rate limits for more details.
- throttle
Authenticated NumberPackages Api Requests Per Period - Maximum requests per period per user. View Package Registry rate limits for more details.
- throttle
Authenticated BooleanWeb Enabled - (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Authenticated NumberWeb Period In Seconds - Rate limit period (in seconds).
- throttle
Authenticated NumberWeb Requests Per Period - Maximum requests per period per user.
- throttle
Unauthenticated BooleanApi Enabled - (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Unauthenticated NumberApi Period In Seconds - Rate limit period in seconds.
- throttle
Unauthenticated NumberApi Requests Per Period - Max requests per period per IP.
- throttle
Unauthenticated BooleanPackages Api Enabled - (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- throttle
Unauthenticated NumberPackages Api Period In Seconds - Rate limit period (in seconds). View Package Registry rate limits for more details.
- throttle
Unauthenticated NumberPackages Api Requests Per Period - Maximum requests per period per user. View Package Registry rate limits for more details.
- throttle
Unauthenticated BooleanWeb Enabled - (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Unauthenticated NumberWeb Period In Seconds - Rate limit period in seconds.
- throttle
Unauthenticated NumberWeb Requests Per Period - Max requests per period per IP.
- time
Tracking BooleanLimit To Hours - Limit display of time tracking units to hours.
- two
Factor NumberGrace Period - Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
- unique
Ips BooleanLimit Enabled - (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
- unique
Ips NumberLimit Per User - Maximum number of IPs per user.
- unique
Ips NumberLimit Time Window - How many seconds an IP is counted towards the limit.
- usage
Ping BooleanEnabled - Every week GitLab reports license usage back to GitLab, Inc.
- user
Deactivation BooleanEmails Enabled - Send an email to users upon account deactivation.
- user
Default BooleanExternal - Newly registered users are external by default.
- user
Default StringInternal Regex - Specify an email address regex pattern to identify default internal users.
- user
Oauth BooleanApplications - Allow users to register any application to use GitLab as an OAuth provider.
- user
Show BooleanAdd Ssh Key Message - When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
- version
Check BooleanEnabled - Let GitLab inform you when an update is available.
- web
Ide BooleanClientside Preview Enabled - Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
- whats
New StringVariant - What’s new variant, possible values: alltiers, currenttier, and disabled.
- wiki
Page NumberMax Content Bytes - Maximum wiki page content size in bytes. The minimum value is 1024 bytes.
Outputs
All input properties are implicitly available as output properties. Additionally, the ApplicationSettings resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ApplicationSettings Resource
Get an existing ApplicationSettings resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ApplicationSettingsState, opts?: CustomResourceOptions): ApplicationSettings@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
abuse_notification_email: Optional[str] = None,
admin_mode: Optional[bool] = None,
after_sign_out_path: Optional[str] = None,
after_sign_up_text: Optional[str] = None,
akismet_api_key: Optional[str] = None,
akismet_enabled: Optional[bool] = None,
allow_account_deletion: Optional[bool] = None,
allow_group_owners_to_manage_ldap: Optional[bool] = None,
allow_local_requests_from_system_hooks: Optional[bool] = None,
allow_local_requests_from_web_hooks_and_services: Optional[bool] = None,
allow_project_creation_for_guest_and_below: Optional[bool] = None,
allow_runner_registration_token: Optional[bool] = None,
archive_builds_in_human_readable: Optional[str] = None,
asciidoc_max_includes: Optional[int] = None,
asset_proxy_allowlists: Optional[Sequence[str]] = None,
asset_proxy_enabled: Optional[bool] = None,
asset_proxy_secret_key: Optional[str] = None,
asset_proxy_url: Optional[str] = None,
authorized_keys_enabled: Optional[bool] = None,
auto_ban_user_on_excessive_projects_download: Optional[bool] = None,
auto_devops_domain: Optional[str] = None,
auto_devops_enabled: Optional[bool] = None,
automatic_purchased_storage_allocation: Optional[bool] = None,
bulk_import_concurrent_pipeline_batch_limit: Optional[int] = None,
bulk_import_enabled: Optional[bool] = None,
bulk_import_max_download_file_size: Optional[int] = None,
can_create_group: Optional[bool] = None,
check_namespace_plan: Optional[bool] = None,
ci_max_includes: Optional[int] = None,
ci_max_total_yaml_size_bytes: Optional[int] = None,
commit_email_hostname: Optional[str] = None,
concurrent_bitbucket_import_jobs_limit: Optional[int] = None,
concurrent_bitbucket_server_import_jobs_limit: Optional[int] = None,
concurrent_github_import_jobs_limit: Optional[int] = None,
container_expiration_policies_enable_historic_entries: Optional[bool] = None,
container_registry_cleanup_tags_service_max_list_size: Optional[int] = None,
container_registry_delete_tags_service_timeout: Optional[int] = None,
container_registry_expiration_policies_caching: Optional[bool] = None,
container_registry_expiration_policies_worker_capacity: Optional[int] = None,
container_registry_token_expire_delay: Optional[int] = None,
deactivate_dormant_users: Optional[bool] = None,
deactivate_dormant_users_period: Optional[int] = None,
decompress_archive_file_timeout: Optional[int] = None,
default_artifacts_expire_in: Optional[str] = None,
default_branch_name: Optional[str] = None,
default_branch_protection: Optional[int] = None,
default_branch_protection_defaults: Optional[ApplicationSettingsDefaultBranchProtectionDefaultsArgs] = None,
default_ci_config_path: Optional[str] = None,
default_group_visibility: Optional[str] = None,
default_preferred_language: Optional[str] = None,
default_project_creation: Optional[int] = None,
default_project_visibility: Optional[str] = None,
default_projects_limit: Optional[int] = None,
default_snippet_visibility: Optional[str] = None,
default_syntax_highlighting_theme: Optional[int] = None,
delete_inactive_projects: Optional[bool] = None,
delete_unconfirmed_users: Optional[bool] = None,
deletion_adjourned_period: Optional[int] = None,
diagramsnet_enabled: Optional[bool] = None,
diagramsnet_url: Optional[str] = None,
diff_max_files: Optional[int] = None,
diff_max_lines: Optional[int] = None,
diff_max_patch_bytes: Optional[int] = None,
disable_admin_oauth_scopes: Optional[bool] = None,
disable_feed_token: Optional[bool] = None,
disable_personal_access_tokens: Optional[bool] = None,
disabled_oauth_sign_in_sources: Optional[Sequence[str]] = None,
dns_rebinding_protection_enabled: Optional[bool] = None,
domain_allowlists: Optional[Sequence[str]] = None,
domain_denylist_enabled: Optional[bool] = None,
domain_denylists: Optional[Sequence[str]] = None,
downstream_pipeline_trigger_limit_per_project_user_sha: Optional[int] = None,
dsa_key_restriction: Optional[int] = None,
duo_features_enabled: Optional[bool] = None,
ecdsa_key_restriction: Optional[int] = None,
ecdsa_sk_key_restriction: Optional[int] = None,
ed25519_key_restriction: Optional[int] = None,
ed25519_sk_key_restriction: Optional[int] = None,
eks_access_key_id: Optional[str] = None,
eks_account_id: Optional[str] = None,
eks_integration_enabled: Optional[bool] = None,
eks_secret_access_key: Optional[str] = None,
elasticsearch_aws: Optional[bool] = None,
elasticsearch_aws_access_key: Optional[str] = None,
elasticsearch_aws_region: Optional[str] = None,
elasticsearch_aws_secret_access_key: Optional[str] = None,
elasticsearch_indexed_field_length_limit: Optional[int] = None,
elasticsearch_indexed_file_size_limit_kb: Optional[int] = None,
elasticsearch_indexing: Optional[bool] = None,
elasticsearch_limit_indexing: Optional[bool] = None,
elasticsearch_max_bulk_concurrency: Optional[int] = None,
elasticsearch_max_bulk_size_mb: Optional[int] = None,
elasticsearch_namespace_ids: Optional[Sequence[int]] = None,
elasticsearch_password: Optional[str] = None,
elasticsearch_project_ids: Optional[Sequence[int]] = None,
elasticsearch_search: Optional[bool] = None,
elasticsearch_urls: Optional[Sequence[str]] = None,
elasticsearch_username: Optional[str] = None,
email_additional_text: Optional[str] = None,
email_author_in_body: Optional[bool] = None,
enabled_git_access_protocol: Optional[str] = None,
enforce_namespace_storage_limit: Optional[bool] = None,
enforce_terms: Optional[bool] = None,
external_auth_client_cert: Optional[str] = None,
external_auth_client_key: Optional[str] = None,
external_auth_client_key_pass: Optional[str] = None,
external_authorization_service_default_label: Optional[str] = None,
external_authorization_service_enabled: Optional[bool] = None,
external_authorization_service_timeout: Optional[float] = None,
external_authorization_service_url: Optional[str] = None,
external_pipeline_validation_service_timeout: Optional[int] = None,
external_pipeline_validation_service_token: Optional[str] = None,
external_pipeline_validation_service_url: Optional[str] = None,
file_template_project_id: Optional[int] = None,
first_day_of_week: Optional[int] = None,
geo_node_allowed_ips: Optional[str] = None,
geo_status_timeout: Optional[int] = None,
git_rate_limit_users_allowlists: Optional[Sequence[str]] = None,
git_two_factor_session_expiry: Optional[int] = None,
gitaly_timeout_default: Optional[int] = None,
gitaly_timeout_fast: Optional[int] = None,
gitaly_timeout_medium: Optional[int] = None,
grafana_enabled: Optional[bool] = None,
grafana_url: Optional[str] = None,
gravatar_enabled: Optional[bool] = None,
group_owners_can_manage_default_branch_protection: Optional[bool] = None,
hashed_storage_enabled: Optional[bool] = None,
help_page_hide_commercial_content: Optional[bool] = None,
help_page_support_url: Optional[str] = None,
help_page_text: Optional[str] = None,
help_text: Optional[str] = None,
hide_third_party_offers: Optional[bool] = None,
home_page_url: Optional[str] = None,
housekeeping_enabled: Optional[bool] = None,
housekeeping_full_repack_period: Optional[int] = None,
housekeeping_gc_period: Optional[int] = None,
housekeeping_incremental_repack_period: Optional[int] = None,
housekeeping_optimize_repository_period: Optional[int] = None,
html_emails_enabled: Optional[bool] = None,
import_sources: Optional[Sequence[str]] = None,
in_product_marketing_emails_enabled: Optional[bool] = None,
inactive_projects_delete_after_months: Optional[int] = None,
inactive_projects_min_size_mb: Optional[int] = None,
inactive_projects_send_warning_email_after_months: Optional[int] = None,
invisible_captcha_enabled: Optional[bool] = None,
issues_create_limit: Optional[int] = None,
keep_latest_artifact: Optional[bool] = None,
local_markdown_version: Optional[int] = None,
mailgun_events_enabled: Optional[bool] = None,
mailgun_signing_key: Optional[str] = None,
maintenance_mode: Optional[bool] = None,
maintenance_mode_message: Optional[str] = None,
max_artifacts_size: Optional[int] = None,
max_attachment_size: Optional[int] = None,
max_export_size: Optional[int] = None,
max_import_size: Optional[int] = None,
max_number_of_repository_downloads: Optional[int] = None,
max_number_of_repository_downloads_within_time_period: Optional[int] = None,
max_pages_size: Optional[int] = None,
max_personal_access_token_lifetime: Optional[int] = None,
max_ssh_key_lifetime: Optional[int] = None,
max_terraform_state_size_bytes: Optional[int] = None,
metrics_method_call_threshold: Optional[int] = None,
minimum_password_length: Optional[int] = None,
mirror_available: Optional[bool] = None,
mirror_capacity_threshold: Optional[int] = None,
mirror_max_capacity: Optional[int] = None,
mirror_max_delay: Optional[int] = None,
npm_package_requests_forwarding: Optional[bool] = None,
outbound_local_requests_whitelists: Optional[Sequence[str]] = None,
package_registry_cleanup_policies_worker_capacity: Optional[int] = None,
pages_domain_verification_enabled: Optional[bool] = None,
password_authentication_enabled_for_git: Optional[bool] = None,
password_authentication_enabled_for_web: Optional[bool] = None,
password_lowercase_required: Optional[bool] = None,
password_number_required: Optional[bool] = None,
password_symbol_required: Optional[bool] = None,
password_uppercase_required: Optional[bool] = None,
performance_bar_allowed_group_path: Optional[str] = None,
personal_access_token_prefix: Optional[str] = None,
pipeline_limit_per_project_user_sha: Optional[int] = None,
plantuml_enabled: Optional[bool] = None,
plantuml_url: Optional[str] = None,
polling_interval_multiplier: Optional[float] = None,
project_export_enabled: Optional[bool] = None,
prometheus_metrics_enabled: Optional[bool] = None,
protected_ci_variables: Optional[bool] = None,
push_event_activities_limit: Optional[int] = None,
push_event_hooks_limit: Optional[int] = None,
pypi_package_requests_forwarding: Optional[bool] = None,
rate_limiting_response_text: Optional[str] = None,
raw_blob_request_limit: Optional[int] = None,
recaptcha_enabled: Optional[bool] = None,
recaptcha_private_key: Optional[str] = None,
recaptcha_site_key: Optional[str] = None,
receive_max_input_size: Optional[int] = None,
repository_checks_enabled: Optional[bool] = None,
repository_size_limit: Optional[int] = None,
repository_storages: Optional[Sequence[str]] = None,
repository_storages_weighted: Optional[Mapping[str, int]] = None,
require_admin_approval_after_user_signup: Optional[bool] = None,
require_two_factor_authentication: Optional[bool] = None,
restricted_visibility_levels: Optional[Sequence[str]] = None,
rsa_key_restriction: Optional[int] = None,
search_rate_limit: Optional[int] = None,
search_rate_limit_unauthenticated: Optional[int] = None,
send_user_confirmation_email: Optional[bool] = None,
session_expire_delay: Optional[int] = None,
shared_runners_enabled: Optional[bool] = None,
shared_runners_minutes: Optional[int] = None,
shared_runners_text: Optional[str] = None,
sidekiq_job_limiter_compression_threshold_bytes: Optional[int] = None,
sidekiq_job_limiter_limit_bytes: Optional[int] = None,
sidekiq_job_limiter_mode: Optional[str] = None,
sign_in_text: Optional[str] = None,
signup_enabled: Optional[bool] = None,
slack_app_enabled: Optional[bool] = None,
slack_app_id: Optional[str] = None,
slack_app_secret: Optional[str] = None,
slack_app_signing_secret: Optional[str] = None,
slack_app_verification_token: Optional[str] = None,
snippet_size_limit: Optional[int] = None,
snowplow_app_id: Optional[str] = None,
snowplow_collector_hostname: Optional[str] = None,
snowplow_cookie_domain: Optional[str] = None,
snowplow_enabled: Optional[bool] = None,
sourcegraph_enabled: Optional[bool] = None,
sourcegraph_public_only: Optional[bool] = None,
sourcegraph_url: Optional[str] = None,
spam_check_api_key: Optional[str] = None,
spam_check_endpoint_enabled: Optional[bool] = None,
spam_check_endpoint_url: Optional[str] = None,
suggest_pipeline_enabled: Optional[bool] = None,
terminal_max_session_time: Optional[int] = None,
terms: Optional[str] = None,
throttle_authenticated_api_enabled: Optional[bool] = None,
throttle_authenticated_api_period_in_seconds: Optional[int] = None,
throttle_authenticated_api_requests_per_period: Optional[int] = None,
throttle_authenticated_packages_api_enabled: Optional[bool] = None,
throttle_authenticated_packages_api_period_in_seconds: Optional[int] = None,
throttle_authenticated_packages_api_requests_per_period: Optional[int] = None,
throttle_authenticated_web_enabled: Optional[bool] = None,
throttle_authenticated_web_period_in_seconds: Optional[int] = None,
throttle_authenticated_web_requests_per_period: Optional[int] = None,
throttle_unauthenticated_api_enabled: Optional[bool] = None,
throttle_unauthenticated_api_period_in_seconds: Optional[int] = None,
throttle_unauthenticated_api_requests_per_period: Optional[int] = None,
throttle_unauthenticated_packages_api_enabled: Optional[bool] = None,
throttle_unauthenticated_packages_api_period_in_seconds: Optional[int] = None,
throttle_unauthenticated_packages_api_requests_per_period: Optional[int] = None,
throttle_unauthenticated_web_enabled: Optional[bool] = None,
throttle_unauthenticated_web_period_in_seconds: Optional[int] = None,
throttle_unauthenticated_web_requests_per_period: Optional[int] = None,
time_tracking_limit_to_hours: Optional[bool] = None,
two_factor_grace_period: Optional[int] = None,
unique_ips_limit_enabled: Optional[bool] = None,
unique_ips_limit_per_user: Optional[int] = None,
unique_ips_limit_time_window: Optional[int] = None,
usage_ping_enabled: Optional[bool] = None,
user_deactivation_emails_enabled: Optional[bool] = None,
user_default_external: Optional[bool] = None,
user_default_internal_regex: Optional[str] = None,
user_oauth_applications: Optional[bool] = None,
user_show_add_ssh_key_message: Optional[bool] = None,
version_check_enabled: Optional[bool] = None,
web_ide_clientside_preview_enabled: Optional[bool] = None,
whats_new_variant: Optional[str] = None,
wiki_page_max_content_bytes: Optional[int] = None) -> ApplicationSettingsfunc GetApplicationSettings(ctx *Context, name string, id IDInput, state *ApplicationSettingsState, opts ...ResourceOption) (*ApplicationSettings, error)public static ApplicationSettings Get(string name, Input<string> id, ApplicationSettingsState? state, CustomResourceOptions? opts = null)public static ApplicationSettings get(String name, Output<String> id, ApplicationSettingsState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Abuse
Notification stringEmail - If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
- Admin
Mode bool - Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
- After
Sign stringOut Path - Where to redirect users after logout.
- After
Sign stringUp Text - Text shown to the user after signing up.
- string
- API key for Akismet spam protection.
- bool
- (If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
- Allow
Account boolDeletion - Set to true to allow users to delete their accounts. Premium and Ultimate only.
- Allow
Group boolOwners To Manage Ldap - Set to true to allow group owners to manage LDAP.
- Allow
Local boolRequests From System Hooks - Allow requests to the local network from system hooks.
- Allow
Local boolRequests From Web Hooks And Services - Allow requests to the local network from web hooks and services.
- Allow
Project boolCreation For Guest And Below - Indicates whether users assigned up to the Guest role can create groups and personal projects.
- Allow
Runner boolRegistration Token - Allow using a registration token to create a runner.
- Archive
Builds stringIn Human Readable - Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
- Asciidoc
Max intIncludes - Maximum limit of AsciiDoc include directives being processed in any one document. Maximum: 64.
- Asset
Proxy List<string>Allowlists - Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
- Asset
Proxy boolEnabled - (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
- Asset
Proxy stringSecret Key - Shared secret with the asset proxy server. GitLab restart is required to apply changes.
- Asset
Proxy stringUrl - URL of the asset proxy server. GitLab restart is required to apply changes.
- bool
- By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
- Auto
Ban boolUser On Excessive Projects Download - When enabled, users will get automatically banned from the application when they download more than the maximum number of unique projects in the time period specified by maxnumberofrepositorydownloads and maxnumberofrepositorydownloadswithintime_period respectively. Introduced in GitLab 15.4. Self-managed, Ultimate only.
- Auto
Devops stringDomain - Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
- Auto
Devops boolEnabled - Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
- Automatic
Purchased boolStorage Allocation - Enabling this permits automatic allocation of purchased storage in a namespace.
- Bulk
Import intConcurrent Pipeline Batch Limit - Maximum simultaneous Direct Transfer batches to process.
- Bulk
Import boolEnabled - Enable migrating GitLab groups by direct transfer. Introduced in GitLab 15.8.
- Bulk
Import intMax Download File Size - Maximum download file size when importing from source GitLab instances by direct transfer. Introduced in GitLab 16.3.
- Can
Create boolGroup - Indicates whether users can create top-level groups. Introduced in GitLab 15.5.
- Check
Namespace boolPlan - Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
- Ci
Max intIncludes - The maximum number of includes per pipeline.
- Ci
Max intTotal Yaml Size Bytes - The maximum amount of memory, in bytes, that can be allocated for the pipeline configuration, with all included YAML configuration files.
- Commit
Email stringHostname - Custom hostname (for private commit emails).
- Concurrent
Bitbucket intImport Jobs Limit - Maximum number of simultaneous import jobs for the Bitbucket Cloud importer. Introduced in GitLab 16.11.
- Concurrent
Bitbucket intServer Import Jobs Limit - Maximum number of simultaneous import jobs for the Bitbucket Server importer. Introduced in GitLab 16.11.
- Concurrent
Github intImport Jobs Limit - Maximum number of simultaneous import jobs for the GitHub importer. Introduced in GitLab 16.11.
- Container
Expiration boolPolicies Enable Historic Entries - Enable cleanup policies for all projects.
- int
- The maximum number of tags that can be deleted in a single execution of cleanup policies.
- int
- The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
- Container
Registry boolExpiration Policies Caching - Caching during the execution of cleanup policies.
- Container
Registry intExpiration Policies Worker Capacity - Number of workers for cleanup policies.
- Container
Registry intToken Expire Delay - Container Registry token duration in minutes.
- Deactivate
Dormant boolUsers - Enable automatic deactivation of dormant users.
- Deactivate
Dormant intUsers Period - Length of time (in days) after which a user is considered dormant. Introduced in GitLab 15.3.
- Decompress
Archive intFile Timeout - Default timeout for decompressing archived files, in seconds. Set to 0 to disable timeouts. Introduced in GitLab 16.4.
- Default
Artifacts stringExpire In - Set the default expiration time for each job’s artifacts.
- Default
Branch stringName - Instance-level custom initial branch name (introduced in GitLab 13.2).
- Default
Branch intProtection - Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
- Default
Branch Pulumi.Protection Defaults Git Lab. Inputs. Application Settings Default Branch Protection Defaults - The defaultbranchprotection*defaults attribute describes the default branch protection defaults. All parameters are optional.
- Default
Ci stringConfig Path - Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
- Default
Group stringVisibility - What visibility level new groups receive. Can take private, internal and public as a parameter.
- Default
Preferred stringLanguage - Default preferred language for users who are not logged in.
- Default
Project intCreation - Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
- Default
Project stringVisibility - What visibility level new projects receive. Can take private, internal and public as a parameter.
- Default
Projects intLimit - Project limit per user.
- Default
Snippet stringVisibility - What visibility level new snippets receive. Can take private, internal and public as a parameter.
- Default
Syntax intHighlighting Theme - Default syntax highlighting theme for users who are new or not signed in. See IDs of available themes (https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/themes.rb#L16)
- Delete
Inactive boolProjects - Enable inactive project deletion feature. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion).
- Delete
Unconfirmed boolUsers - Specifies whether users who have not confirmed their email should be deleted. When set to true, unconfirmed users are deleted after unconfirmedusersdeleteafterdays days. Introduced in GitLab 16.1. Self-managed, Premium and Ultimate only.
- Deletion
Adjourned intPeriod - The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90.
- Diagramsnet
Enabled bool - (If enabled, requires diagramsnet_url) Enable Diagrams.net integration.
- Diagramsnet
Url string - The Diagrams.net instance URL for integration.
- Diff
Max intFiles - Maximum files in a diff.
- Diff
Max intLines - Maximum lines in a diff.
- Diff
Max intPatch Bytes - Maximum diff patch size, in bytes.
- Disable
Admin boolOauth Scopes - Stops administrators from connecting their GitLab accounts to non-trusted OAuth 2.0 applications that have the api, readapi, readrepository, writerepository, readregistry, write_registry, or sudo scopes. Introduced in GitLab 15.6.
- Disable
Feed boolToken - Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
- Disable
Personal boolAccess Tokens - Disable personal access tokens. Introduced in GitLab 15.7. Self-managed, Premium and Ultimate only. There is no method available to enable a personal access token that’s been disabled through the API. This is a known issue.
- Disabled
Oauth List<string>Sign In Sources - Disabled OAuth sign-in sources.
- Dns
Rebinding boolProtection Enabled - Enforce DNS rebinding attack protection.
- Domain
Allowlists List<string> - Force people to use only corporate emails for sign-up. Null means there is no restriction.
- Domain
Denylist boolEnabled - (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
- Domain
Denylists List<string> - Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
- Downstream
Pipeline intTrigger Limit Per Project User Sha - Maximum downstream pipeline trigger rate. Introduced in GitLab 16.10.
- Dsa
Key intRestriction - The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys.
- Duo
Features boolEnabled - Indicates whether GitLab Duo features are enabled for this instance. Introduced in GitLab 16.10. Self-managed, Premium and Ultimate only.
- Ecdsa
Key intRestriction - The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys.
- Ecdsa
Sk intKey Restriction - The minimum allowed curve size (in bits) of an uploaded ECDSASK key. 0 means no restriction. -1 disables ECDSASK keys.
- Ed25519Key
Restriction int - The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys.
- Ed25519Sk
Key intRestriction - The minimum allowed curve size (in bits) of an uploaded ED25519SK key. 0 means no restriction. -1 disables ED25519SK keys.
- Eks
Access stringKey Id - AWS IAM access key ID.
- Eks
Account stringId - Amazon account ID.
- Eks
Integration boolEnabled - Enable integration with Amazon EKS.
- Eks
Secret stringAccess Key - AWS IAM secret access key.
- Elasticsearch
Aws bool - Enable the use of AWS hosted Elasticsearch.
- Elasticsearch
Aws stringAccess Key - AWS IAM access key.
- Elasticsearch
Aws stringRegion - The AWS region the Elasticsearch domain is configured.
- Elasticsearch
Aws stringSecret Access Key - AWS IAM secret access key.
- Elasticsearch
Indexed intField Length Limit - Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
- Elasticsearch
Indexed intFile Size Limit Kb - Maximum size of repository and wiki files that are indexed by Elasticsearch.
- Elasticsearch
Indexing bool - Enable Elasticsearch indexing.
- Elasticsearch
Limit boolIndexing - Limit Elasticsearch to index certain namespaces and projects.
- Elasticsearch
Max intBulk Concurrency - Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
- Elasticsearch
Max intBulk Size Mb - Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
- Elasticsearch
Namespace List<int>Ids - The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- Elasticsearch
Password string - The password of your Elasticsearch instance.
- Elasticsearch
Project List<int>Ids - The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- Elasticsearch
Search bool - Enable Elasticsearch search.
- Elasticsearch
Urls List<string> - The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
- Elasticsearch
Username string - The username of your Elasticsearch instance.
- Email
Additional stringText - Additional text added to the bottom of every email for legal/auditing/compliance reasons.
- bool
- Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
- Enabled
Git stringAccess Protocol - Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
- Enforce
Namespace boolStorage Limit - Enabling this permits enforcement of namespace storage limits.
- Enforce
Terms bool - (If enabled, requires: terms) Enforce application ToS to all users.
- External
Auth stringClient Cert - (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
- External
Auth stringClient Key - Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
- External
Auth stringClient Key Pass - Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
- string
- The default classification label to use when requesting authorization and no classification label has been specified on the project.
- bool
- (If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
- double
- The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
- string
- URL to which authorization requests are directed.
- External
Pipeline intValidation Service Timeout - How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
- External
Pipeline stringValidation Service Token - Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
- External
Pipeline stringValidation Service Url - URL to use for pipeline validation requests.
- File
Template intProject Id - The ID of a project to load custom file templates from.
- First
Day intOf Week - Start day of the week for calendar views and date pickers. Valid values are 0 for Sunday, 1 for Monday, and 6 for Saturday.
- Geo
Node stringAllowed Ips - Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
- Geo
Status intTimeout - The amount of seconds after which a request to get a secondary node status times out.
- Git
Rate List<string>Limit Users Allowlists - List of usernames excluded from Git anti-abuse rate limits. Maximum: 100 usernames. Introduced in GitLab 15.2.
- Git
Two intFactor Session Expiry - Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
- Gitaly
Timeout intDefault - Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
- Gitaly
Timeout intFast - Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
- Gitaly
Timeout intMedium - Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
- Grafana
Enabled bool - Enable Grafana.
- Grafana
Url string - Grafana URL.
- Gravatar
Enabled bool - Enable Gravatar.
- Group
Owners boolCan Manage Default Branch Protection - Prevent overrides of default branch protection.
- Hashed
Storage boolEnabled - Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
- Help
Page boolHide Commercial Content - Hide marketing-related entries from help.
- Help
Page stringSupport Url - Alternate support URL for help page and help dropdown.
- Help
Page stringText - Custom text displayed on the help page.
- Help
Text string - GitLab server administrator information.
- Hide
Third boolParty Offers - Do not display offers from third parties in GitLab.
- Home
Page stringUrl - Redirect to this URL when not logged in.
- Housekeeping
Enabled bool - Enable or disable Git housekeeping. If enabled, requires either housekeepingoptimizerepositoryperiod OR housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod. Options housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod are deprecated. Use housekeepingoptimizerepositoryperiod instead.
- Housekeeping
Full intRepack Period - Number of Git pushes after which an incremental git repack is run.
- Housekeeping
Gc intPeriod - Number of Git pushes after which git gc is run.
- Housekeeping
Incremental intRepack Period - Number of Git pushes after which an incremental git repack is run.
- Housekeeping
Optimize intRepository Period - Number of Git pushes after which an incremental git repack is run.
- Html
Emails boolEnabled - Enable HTML emails.
- Import
Sources List<string> - Sources to allow project import from. Valid values are:
github,bitbucket,bitbucket_server,fogbugz,git,gitlab.Project,gitea,manifest - In
Product boolMarketing Emails Enabled - Enable in-product marketing emails.
- Inactive
Projects intDelete After Months - If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- Inactive
Projects intMin Size Mb - If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- Inactive
Projects intSend Warning Email After Months - If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- Invisible
Captcha boolEnabled - Enable Invisible CAPTCHA spam detection during sign-up.
- Issues
Create intLimit - Max number of issue creation requests per minute per user.
- Keep
Latest boolArtifact - Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
- Local
Markdown intVersion - Increase this value when any cached Markdown should be invalidated.
- Mailgun
Events boolEnabled - Enable Mailgun event receiver.
- Mailgun
Signing stringKey - The Mailgun HTTP webhook signing key for receiving events from webhook.
- Maintenance
Mode bool - When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
- Maintenance
Mode stringMessage - Message displayed when instance is in maintenance mode.
- Max
Artifacts intSize - Maximum artifacts size in MB.
- Max
Attachment intSize - Limit attachment size in MB.
- Max
Export intSize - Maximum export size in MB. 0 for unlimited.
- Max
Import intSize - Maximum import size in MB. 0 for unlimited.
- Max
Number intOf Repository Downloads - Maximum number of unique repositories a user can download in the specified time period before they are banned. Maximum: 10,000 repositories. Introduced in GitLab 15.1.
- Max
Number intOf Repository Downloads Within Time Period - Reporting time period (in seconds). Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
- Max
Pages intSize - Maximum size of pages repositories in MB.
- Max
Personal intAccess Token Lifetime - Maximum allowable lifetime for access tokens in days.
- Max
Ssh intKey Lifetime - Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
- Max
Terraform intState Size Bytes - Metrics
Method intCall Threshold - A method call is only tracked when it takes longer than the given amount of milliseconds.
- Minimum
Password intLength - Indicates whether passwords require a minimum length. Introduced in GitLab 15.1. Premium and Ultimate only.
- Mirror
Available bool - Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
- Mirror
Capacity intThreshold - Minimum capacity to be available before scheduling more mirrors preemptively.
- Mirror
Max intCapacity - Maximum number of mirrors that can be synchronizing at the same time.
- Mirror
Max intDelay - Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
- Npm
Package boolRequests Forwarding - Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
- Outbound
Local List<string>Requests Whitelists - Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
- Package
Registry intCleanup Policies Worker Capacity - Number of workers assigned to the packages cleanup policies.
- Pages
Domain boolVerification Enabled - Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
- Password
Authentication boolEnabled For Git - Enable authentication for Git over HTTP(S) via a GitLab account password.
- Password
Authentication boolEnabled For Web - Enable authentication for the web interface via a GitLab account password.
- Password
Lowercase boolRequired - Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
- Password
Number boolRequired - Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
- Password
Symbol boolRequired - Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
- Password
Uppercase boolRequired - Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
- Performance
Bar stringAllowed Group Path - Path of the group that is allowed to toggle the performance bar.
- Personal
Access stringToken Prefix - Prefix for all generated personal access tokens.
- Pipeline
Limit intPer Project User Sha - Maximum number of pipeline creation requests per minute per user and commit.
- Plantuml
Enabled bool - (If enabled, requires: plantuml_url) Enable PlantUML integration.
- Plantuml
Url string - The PlantUML instance URL for integration.
- Polling
Interval doubleMultiplier - Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
- Project
Export boolEnabled - Enable project export.
- Prometheus
Metrics boolEnabled - Enable Prometheus metrics.
- Protected
Ci boolVariables - CI/CD variables are protected by default.
- Push
Event intActivities Limit - Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
- Push
Event intHooks Limit - Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
- Pypi
Package boolRequests Forwarding - Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
- Rate
Limiting stringResponse Text - When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
- Raw
Blob intRequest Limit - Max number of requests per minute for each raw path. To disable throttling set to 0.
- Recaptcha
Enabled bool - (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
- Recaptcha
Private stringKey - Private key for reCAPTCHA.
- Recaptcha
Site stringKey - Site key for reCAPTCHA.
- Receive
Max intInput Size - Maximum push size (MB).
- Repository
Checks boolEnabled - GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
- Repository
Size intLimit - Size limit per repository (MB).
- Repository
Storages List<string> - (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
- Repository
Storages Dictionary<string, int>Weighted - (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
- Require
Admin boolApproval After User Signup - When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
- Require
Two boolFactor Authentication - (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
- Restricted
Visibility List<string>Levels - Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Null means there is no restriction.
- Rsa
Key intRestriction - The minimum allowed bit length of an uploaded RSA key. 0 means no restriction. -1 disables RSA keys.
- Search
Rate intLimit - Max number of requests per minute for performing a search while authenticated. To disable throttling set to 0.
- Search
Rate intLimit Unauthenticated - Max number of requests per minute for performing a search while unauthenticated. To disable throttling set to 0.
- Send
User boolConfirmation Email - Send confirmation email on sign-up.
- Session
Expire intDelay - Session duration in minutes. GitLab restart is required to apply changes.
- bool
- (If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
- int
- Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
- string
- Shared runners text.
- Sidekiq
Job intLimiter Compression Threshold Bytes - The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis.
- Sidekiq
Job intLimiter Limit Bytes - The threshold in bytes at which Sidekiq jobs are rejected. 0 means do not reject any job.
- Sidekiq
Job stringLimiter Mode - track or compress. Sets the behavior for Sidekiq job size limits.
- Sign
In stringText - Text on the login page.
- Signup
Enabled bool - Enable registration.
- Slack
App boolEnabled - (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
- Slack
App stringId - The app ID of the Slack-app.
- Slack
App stringSecret - The app secret of the Slack-app.
- Slack
App stringSigning Secret - The signing secret of the Slack-app.
- Slack
App stringVerification Token - The verification token of the Slack-app.
- Snippet
Size intLimit - Max snippet content size in bytes.
- Snowplow
App stringId - The Snowplow site name / application ID. (for example, gitlab)
- Snowplow
Collector stringHostname - The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
- string
- The Snowplow cookie domain. (for example, .gitlab.com)
- Snowplow
Enabled bool - Enable snowplow tracking.
- Sourcegraph
Enabled bool - Enables Sourcegraph integration. If enabled, requires sourcegraph_url.
- Sourcegraph
Public boolOnly - Blocks Sourcegraph from being loaded on private and internal projects.
- Sourcegraph
Url string - The Sourcegraph instance URL for integration.
- Spam
Check stringApi Key - API key used by GitLab for accessing the Spam Check service endpoint.
- Spam
Check boolEndpoint Enabled - Enables spam checking using external Spam Check API endpoint.
- Spam
Check stringEndpoint Url - URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
- Suggest
Pipeline boolEnabled - Enable pipeline suggestion banner.
- Terminal
Max intSession Time - Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
- Terms string
- (Required by: enforce_terms) Markdown content for the ToS.
- Throttle
Authenticated boolApi Enabled - (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Authenticated intApi Period In Seconds - Rate limit period (in seconds).
- Throttle
Authenticated intApi Requests Per Period - Maximum requests per period per user.
- Throttle
Authenticated boolPackages Api Enabled - (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- Throttle
Authenticated intPackages Api Period In Seconds - Rate limit period (in seconds). View Package Registry rate limits for more details.
- Throttle
Authenticated intPackages Api Requests Per Period - Maximum requests per period per user. View Package Registry rate limits for more details.
- Throttle
Authenticated boolWeb Enabled - (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Authenticated intWeb Period In Seconds - Rate limit period (in seconds).
- Throttle
Authenticated intWeb Requests Per Period - Maximum requests per period per user.
- Throttle
Unauthenticated boolApi Enabled - (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Unauthenticated intApi Period In Seconds - Rate limit period in seconds.
- Throttle
Unauthenticated intApi Requests Per Period - Max requests per period per IP.
- Throttle
Unauthenticated boolPackages Api Enabled - (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- Throttle
Unauthenticated intPackages Api Period In Seconds - Rate limit period (in seconds). View Package Registry rate limits for more details.
- Throttle
Unauthenticated intPackages Api Requests Per Period - Maximum requests per period per user. View Package Registry rate limits for more details.
- Throttle
Unauthenticated boolWeb Enabled - (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Unauthenticated intWeb Period In Seconds - Rate limit period in seconds.
- Throttle
Unauthenticated intWeb Requests Per Period - Max requests per period per IP.
- Time
Tracking boolLimit To Hours - Limit display of time tracking units to hours.
- Two
Factor intGrace Period - Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
- Unique
Ips boolLimit Enabled - (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
- Unique
Ips intLimit Per User - Maximum number of IPs per user.
- Unique
Ips intLimit Time Window - How many seconds an IP is counted towards the limit.
- Usage
Ping boolEnabled - Every week GitLab reports license usage back to GitLab, Inc.
- User
Deactivation boolEmails Enabled - Send an email to users upon account deactivation.
- User
Default boolExternal - Newly registered users are external by default.
- User
Default stringInternal Regex - Specify an email address regex pattern to identify default internal users.
- User
Oauth boolApplications - Allow users to register any application to use GitLab as an OAuth provider.
- User
Show boolAdd Ssh Key Message - When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
- Version
Check boolEnabled - Let GitLab inform you when an update is available.
- Web
Ide boolClientside Preview Enabled - Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
- Whats
New stringVariant - What’s new variant, possible values: alltiers, currenttier, and disabled.
- Wiki
Page intMax Content Bytes - Maximum wiki page content size in bytes. The minimum value is 1024 bytes.
- Abuse
Notification stringEmail - If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
- Admin
Mode bool - Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
- After
Sign stringOut Path - Where to redirect users after logout.
- After
Sign stringUp Text - Text shown to the user after signing up.
- string
- API key for Akismet spam protection.
- bool
- (If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
- Allow
Account boolDeletion - Set to true to allow users to delete their accounts. Premium and Ultimate only.
- Allow
Group boolOwners To Manage Ldap - Set to true to allow group owners to manage LDAP.
- Allow
Local boolRequests From System Hooks - Allow requests to the local network from system hooks.
- Allow
Local boolRequests From Web Hooks And Services - Allow requests to the local network from web hooks and services.
- Allow
Project boolCreation For Guest And Below - Indicates whether users assigned up to the Guest role can create groups and personal projects.
- Allow
Runner boolRegistration Token - Allow using a registration token to create a runner.
- Archive
Builds stringIn Human Readable - Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
- Asciidoc
Max intIncludes - Maximum limit of AsciiDoc include directives being processed in any one document. Maximum: 64.
- Asset
Proxy []stringAllowlists - Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
- Asset
Proxy boolEnabled - (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
- Asset
Proxy stringSecret Key - Shared secret with the asset proxy server. GitLab restart is required to apply changes.
- Asset
Proxy stringUrl - URL of the asset proxy server. GitLab restart is required to apply changes.
- bool
- By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
- Auto
Ban boolUser On Excessive Projects Download - When enabled, users will get automatically banned from the application when they download more than the maximum number of unique projects in the time period specified by maxnumberofrepositorydownloads and maxnumberofrepositorydownloadswithintime_period respectively. Introduced in GitLab 15.4. Self-managed, Ultimate only.
- Auto
Devops stringDomain - Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
- Auto
Devops boolEnabled - Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
- Automatic
Purchased boolStorage Allocation - Enabling this permits automatic allocation of purchased storage in a namespace.
- Bulk
Import intConcurrent Pipeline Batch Limit - Maximum simultaneous Direct Transfer batches to process.
- Bulk
Import boolEnabled - Enable migrating GitLab groups by direct transfer. Introduced in GitLab 15.8.
- Bulk
Import intMax Download File Size - Maximum download file size when importing from source GitLab instances by direct transfer. Introduced in GitLab 16.3.
- Can
Create boolGroup - Indicates whether users can create top-level groups. Introduced in GitLab 15.5.
- Check
Namespace boolPlan - Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
- Ci
Max intIncludes - The maximum number of includes per pipeline.
- Ci
Max intTotal Yaml Size Bytes - The maximum amount of memory, in bytes, that can be allocated for the pipeline configuration, with all included YAML configuration files.
- Commit
Email stringHostname - Custom hostname (for private commit emails).
- Concurrent
Bitbucket intImport Jobs Limit - Maximum number of simultaneous import jobs for the Bitbucket Cloud importer. Introduced in GitLab 16.11.
- Concurrent
Bitbucket intServer Import Jobs Limit - Maximum number of simultaneous import jobs for the Bitbucket Server importer. Introduced in GitLab 16.11.
- Concurrent
Github intImport Jobs Limit - Maximum number of simultaneous import jobs for the GitHub importer. Introduced in GitLab 16.11.
- Container
Expiration boolPolicies Enable Historic Entries - Enable cleanup policies for all projects.
- int
- The maximum number of tags that can be deleted in a single execution of cleanup policies.
- int
- The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
- Container
Registry boolExpiration Policies Caching - Caching during the execution of cleanup policies.
- Container
Registry intExpiration Policies Worker Capacity - Number of workers for cleanup policies.
- Container
Registry intToken Expire Delay - Container Registry token duration in minutes.
- Deactivate
Dormant boolUsers - Enable automatic deactivation of dormant users.
- Deactivate
Dormant intUsers Period - Length of time (in days) after which a user is considered dormant. Introduced in GitLab 15.3.
- Decompress
Archive intFile Timeout - Default timeout for decompressing archived files, in seconds. Set to 0 to disable timeouts. Introduced in GitLab 16.4.
- Default
Artifacts stringExpire In - Set the default expiration time for each job’s artifacts.
- Default
Branch stringName - Instance-level custom initial branch name (introduced in GitLab 13.2).
- Default
Branch intProtection - Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
- Default
Branch ApplicationProtection Defaults Settings Default Branch Protection Defaults Args - The defaultbranchprotection*defaults attribute describes the default branch protection defaults. All parameters are optional.
- Default
Ci stringConfig Path - Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
- Default
Group stringVisibility - What visibility level new groups receive. Can take private, internal and public as a parameter.
- Default
Preferred stringLanguage - Default preferred language for users who are not logged in.
- Default
Project intCreation - Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
- Default
Project stringVisibility - What visibility level new projects receive. Can take private, internal and public as a parameter.
- Default
Projects intLimit - Project limit per user.
- Default
Snippet stringVisibility - What visibility level new snippets receive. Can take private, internal and public as a parameter.
- Default
Syntax intHighlighting Theme - Default syntax highlighting theme for users who are new or not signed in. See IDs of available themes (https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/themes.rb#L16)
- Delete
Inactive boolProjects - Enable inactive project deletion feature. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion).
- Delete
Unconfirmed boolUsers - Specifies whether users who have not confirmed their email should be deleted. When set to true, unconfirmed users are deleted after unconfirmedusersdeleteafterdays days. Introduced in GitLab 16.1. Self-managed, Premium and Ultimate only.
- Deletion
Adjourned intPeriod - The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90.
- Diagramsnet
Enabled bool - (If enabled, requires diagramsnet_url) Enable Diagrams.net integration.
- Diagramsnet
Url string - The Diagrams.net instance URL for integration.
- Diff
Max intFiles - Maximum files in a diff.
- Diff
Max intLines - Maximum lines in a diff.
- Diff
Max intPatch Bytes - Maximum diff patch size, in bytes.
- Disable
Admin boolOauth Scopes - Stops administrators from connecting their GitLab accounts to non-trusted OAuth 2.0 applications that have the api, readapi, readrepository, writerepository, readregistry, write_registry, or sudo scopes. Introduced in GitLab 15.6.
- Disable
Feed boolToken - Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
- Disable
Personal boolAccess Tokens - Disable personal access tokens. Introduced in GitLab 15.7. Self-managed, Premium and Ultimate only. There is no method available to enable a personal access token that’s been disabled through the API. This is a known issue.
- Disabled
Oauth []stringSign In Sources - Disabled OAuth sign-in sources.
- Dns
Rebinding boolProtection Enabled - Enforce DNS rebinding attack protection.
- Domain
Allowlists []string - Force people to use only corporate emails for sign-up. Null means there is no restriction.
- Domain
Denylist boolEnabled - (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
- Domain
Denylists []string - Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
- Downstream
Pipeline intTrigger Limit Per Project User Sha - Maximum downstream pipeline trigger rate. Introduced in GitLab 16.10.
- Dsa
Key intRestriction - The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys.
- Duo
Features boolEnabled - Indicates whether GitLab Duo features are enabled for this instance. Introduced in GitLab 16.10. Self-managed, Premium and Ultimate only.
- Ecdsa
Key intRestriction - The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys.
- Ecdsa
Sk intKey Restriction - The minimum allowed curve size (in bits) of an uploaded ECDSASK key. 0 means no restriction. -1 disables ECDSASK keys.
- Ed25519Key
Restriction int - The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys.
- Ed25519Sk
Key intRestriction - The minimum allowed curve size (in bits) of an uploaded ED25519SK key. 0 means no restriction. -1 disables ED25519SK keys.
- Eks
Access stringKey Id - AWS IAM access key ID.
- Eks
Account stringId - Amazon account ID.
- Eks
Integration boolEnabled - Enable integration with Amazon EKS.
- Eks
Secret stringAccess Key - AWS IAM secret access key.
- Elasticsearch
Aws bool - Enable the use of AWS hosted Elasticsearch.
- Elasticsearch
Aws stringAccess Key - AWS IAM access key.
- Elasticsearch
Aws stringRegion - The AWS region the Elasticsearch domain is configured.
- Elasticsearch
Aws stringSecret Access Key - AWS IAM secret access key.
- Elasticsearch
Indexed intField Length Limit - Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
- Elasticsearch
Indexed intFile Size Limit Kb - Maximum size of repository and wiki files that are indexed by Elasticsearch.
- Elasticsearch
Indexing bool - Enable Elasticsearch indexing.
- Elasticsearch
Limit boolIndexing - Limit Elasticsearch to index certain namespaces and projects.
- Elasticsearch
Max intBulk Concurrency - Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
- Elasticsearch
Max intBulk Size Mb - Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
- Elasticsearch
Namespace []intIds - The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- Elasticsearch
Password string - The password of your Elasticsearch instance.
- Elasticsearch
Project []intIds - The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- Elasticsearch
Search bool - Enable Elasticsearch search.
- Elasticsearch
Urls []string - The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
- Elasticsearch
Username string - The username of your Elasticsearch instance.
- Email
Additional stringText - Additional text added to the bottom of every email for legal/auditing/compliance reasons.
- bool
- Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
- Enabled
Git stringAccess Protocol - Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
- Enforce
Namespace boolStorage Limit - Enabling this permits enforcement of namespace storage limits.
- Enforce
Terms bool - (If enabled, requires: terms) Enforce application ToS to all users.
- External
Auth stringClient Cert - (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
- External
Auth stringClient Key - Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
- External
Auth stringClient Key Pass - Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
- string
- The default classification label to use when requesting authorization and no classification label has been specified on the project.
- bool
- (If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
- float64
- The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
- string
- URL to which authorization requests are directed.
- External
Pipeline intValidation Service Timeout - How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
- External
Pipeline stringValidation Service Token - Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
- External
Pipeline stringValidation Service Url - URL to use for pipeline validation requests.
- File
Template intProject Id - The ID of a project to load custom file templates from.
- First
Day intOf Week - Start day of the week for calendar views and date pickers. Valid values are 0 for Sunday, 1 for Monday, and 6 for Saturday.
- Geo
Node stringAllowed Ips - Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
- Geo
Status intTimeout - The amount of seconds after which a request to get a secondary node status times out.
- Git
Rate []stringLimit Users Allowlists - List of usernames excluded from Git anti-abuse rate limits. Maximum: 100 usernames. Introduced in GitLab 15.2.
- Git
Two intFactor Session Expiry - Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
- Gitaly
Timeout intDefault - Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
- Gitaly
Timeout intFast - Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
- Gitaly
Timeout intMedium - Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
- Grafana
Enabled bool - Enable Grafana.
- Grafana
Url string - Grafana URL.
- Gravatar
Enabled bool - Enable Gravatar.
- Group
Owners boolCan Manage Default Branch Protection - Prevent overrides of default branch protection.
- Hashed
Storage boolEnabled - Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
- Help
Page boolHide Commercial Content - Hide marketing-related entries from help.
- Help
Page stringSupport Url - Alternate support URL for help page and help dropdown.
- Help
Page stringText - Custom text displayed on the help page.
- Help
Text string - GitLab server administrator information.
- Hide
Third boolParty Offers - Do not display offers from third parties in GitLab.
- Home
Page stringUrl - Redirect to this URL when not logged in.
- Housekeeping
Enabled bool - Enable or disable Git housekeeping. If enabled, requires either housekeepingoptimizerepositoryperiod OR housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod. Options housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod are deprecated. Use housekeepingoptimizerepositoryperiod instead.
- Housekeeping
Full intRepack Period - Number of Git pushes after which an incremental git repack is run.
- Housekeeping
Gc intPeriod - Number of Git pushes after which git gc is run.
- Housekeeping
Incremental intRepack Period - Number of Git pushes after which an incremental git repack is run.
- Housekeeping
Optimize intRepository Period - Number of Git pushes after which an incremental git repack is run.
- Html
Emails boolEnabled - Enable HTML emails.
- Import
Sources []string - Sources to allow project import from. Valid values are:
github,bitbucket,bitbucket_server,fogbugz,git,gitlab.Project,gitea,manifest - In
Product boolMarketing Emails Enabled - Enable in-product marketing emails.
- Inactive
Projects intDelete After Months - If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- Inactive
Projects intMin Size Mb - If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- Inactive
Projects intSend Warning Email After Months - If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- Invisible
Captcha boolEnabled - Enable Invisible CAPTCHA spam detection during sign-up.
- Issues
Create intLimit - Max number of issue creation requests per minute per user.
- Keep
Latest boolArtifact - Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
- Local
Markdown intVersion - Increase this value when any cached Markdown should be invalidated.
- Mailgun
Events boolEnabled - Enable Mailgun event receiver.
- Mailgun
Signing stringKey - The Mailgun HTTP webhook signing key for receiving events from webhook.
- Maintenance
Mode bool - When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
- Maintenance
Mode stringMessage - Message displayed when instance is in maintenance mode.
- Max
Artifacts intSize - Maximum artifacts size in MB.
- Max
Attachment intSize - Limit attachment size in MB.
- Max
Export intSize - Maximum export size in MB. 0 for unlimited.
- Max
Import intSize - Maximum import size in MB. 0 for unlimited.
- Max
Number intOf Repository Downloads - Maximum number of unique repositories a user can download in the specified time period before they are banned. Maximum: 10,000 repositories. Introduced in GitLab 15.1.
- Max
Number intOf Repository Downloads Within Time Period - Reporting time period (in seconds). Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
- Max
Pages intSize - Maximum size of pages repositories in MB.
- Max
Personal intAccess Token Lifetime - Maximum allowable lifetime for access tokens in days.
- Max
Ssh intKey Lifetime - Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
- Max
Terraform intState Size Bytes - Metrics
Method intCall Threshold - A method call is only tracked when it takes longer than the given amount of milliseconds.
- Minimum
Password intLength - Indicates whether passwords require a minimum length. Introduced in GitLab 15.1. Premium and Ultimate only.
- Mirror
Available bool - Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
- Mirror
Capacity intThreshold - Minimum capacity to be available before scheduling more mirrors preemptively.
- Mirror
Max intCapacity - Maximum number of mirrors that can be synchronizing at the same time.
- Mirror
Max intDelay - Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
- Npm
Package boolRequests Forwarding - Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
- Outbound
Local []stringRequests Whitelists - Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
- Package
Registry intCleanup Policies Worker Capacity - Number of workers assigned to the packages cleanup policies.
- Pages
Domain boolVerification Enabled - Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
- Password
Authentication boolEnabled For Git - Enable authentication for Git over HTTP(S) via a GitLab account password.
- Password
Authentication boolEnabled For Web - Enable authentication for the web interface via a GitLab account password.
- Password
Lowercase boolRequired - Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
- Password
Number boolRequired - Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
- Password
Symbol boolRequired - Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
- Password
Uppercase boolRequired - Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
- Performance
Bar stringAllowed Group Path - Path of the group that is allowed to toggle the performance bar.
- Personal
Access stringToken Prefix - Prefix for all generated personal access tokens.
- Pipeline
Limit intPer Project User Sha - Maximum number of pipeline creation requests per minute per user and commit.
- Plantuml
Enabled bool - (If enabled, requires: plantuml_url) Enable PlantUML integration.
- Plantuml
Url string - The PlantUML instance URL for integration.
- Polling
Interval float64Multiplier - Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
- Project
Export boolEnabled - Enable project export.
- Prometheus
Metrics boolEnabled - Enable Prometheus metrics.
- Protected
Ci boolVariables - CI/CD variables are protected by default.
- Push
Event intActivities Limit - Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
- Push
Event intHooks Limit - Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
- Pypi
Package boolRequests Forwarding - Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
- Rate
Limiting stringResponse Text - When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
- Raw
Blob intRequest Limit - Max number of requests per minute for each raw path. To disable throttling set to 0.
- Recaptcha
Enabled bool - (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
- Recaptcha
Private stringKey - Private key for reCAPTCHA.
- Recaptcha
Site stringKey - Site key for reCAPTCHA.
- Receive
Max intInput Size - Maximum push size (MB).
- Repository
Checks boolEnabled - GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
- Repository
Size intLimit - Size limit per repository (MB).
- Repository
Storages []string - (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
- Repository
Storages map[string]intWeighted - (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
- Require
Admin boolApproval After User Signup - When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
- Require
Two boolFactor Authentication - (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
- Restricted
Visibility []stringLevels - Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Null means there is no restriction.
- Rsa
Key intRestriction - The minimum allowed bit length of an uploaded RSA key. 0 means no restriction. -1 disables RSA keys.
- Search
Rate intLimit - Max number of requests per minute for performing a search while authenticated. To disable throttling set to 0.
- Search
Rate intLimit Unauthenticated - Max number of requests per minute for performing a search while unauthenticated. To disable throttling set to 0.
- Send
User boolConfirmation Email - Send confirmation email on sign-up.
- Session
Expire intDelay - Session duration in minutes. GitLab restart is required to apply changes.
- bool
- (If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
- int
- Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
- string
- Shared runners text.
- Sidekiq
Job intLimiter Compression Threshold Bytes - The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis.
- Sidekiq
Job intLimiter Limit Bytes - The threshold in bytes at which Sidekiq jobs are rejected. 0 means do not reject any job.
- Sidekiq
Job stringLimiter Mode - track or compress. Sets the behavior for Sidekiq job size limits.
- Sign
In stringText - Text on the login page.
- Signup
Enabled bool - Enable registration.
- Slack
App boolEnabled - (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
- Slack
App stringId - The app ID of the Slack-app.
- Slack
App stringSecret - The app secret of the Slack-app.
- Slack
App stringSigning Secret - The signing secret of the Slack-app.
- Slack
App stringVerification Token - The verification token of the Slack-app.
- Snippet
Size intLimit - Max snippet content size in bytes.
- Snowplow
App stringId - The Snowplow site name / application ID. (for example, gitlab)
- Snowplow
Collector stringHostname - The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
- string
- The Snowplow cookie domain. (for example, .gitlab.com)
- Snowplow
Enabled bool - Enable snowplow tracking.
- Sourcegraph
Enabled bool - Enables Sourcegraph integration. If enabled, requires sourcegraph_url.
- Sourcegraph
Public boolOnly - Blocks Sourcegraph from being loaded on private and internal projects.
- Sourcegraph
Url string - The Sourcegraph instance URL for integration.
- Spam
Check stringApi Key - API key used by GitLab for accessing the Spam Check service endpoint.
- Spam
Check boolEndpoint Enabled - Enables spam checking using external Spam Check API endpoint.
- Spam
Check stringEndpoint Url - URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
- Suggest
Pipeline boolEnabled - Enable pipeline suggestion banner.
- Terminal
Max intSession Time - Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
- Terms string
- (Required by: enforce_terms) Markdown content for the ToS.
- Throttle
Authenticated boolApi Enabled - (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Authenticated intApi Period In Seconds - Rate limit period (in seconds).
- Throttle
Authenticated intApi Requests Per Period - Maximum requests per period per user.
- Throttle
Authenticated boolPackages Api Enabled - (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- Throttle
Authenticated intPackages Api Period In Seconds - Rate limit period (in seconds). View Package Registry rate limits for more details.
- Throttle
Authenticated intPackages Api Requests Per Period - Maximum requests per period per user. View Package Registry rate limits for more details.
- Throttle
Authenticated boolWeb Enabled - (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Authenticated intWeb Period In Seconds - Rate limit period (in seconds).
- Throttle
Authenticated intWeb Requests Per Period - Maximum requests per period per user.
- Throttle
Unauthenticated boolApi Enabled - (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Unauthenticated intApi Period In Seconds - Rate limit period in seconds.
- Throttle
Unauthenticated intApi Requests Per Period - Max requests per period per IP.
- Throttle
Unauthenticated boolPackages Api Enabled - (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- Throttle
Unauthenticated intPackages Api Period In Seconds - Rate limit period (in seconds). View Package Registry rate limits for more details.
- Throttle
Unauthenticated intPackages Api Requests Per Period - Maximum requests per period per user. View Package Registry rate limits for more details.
- Throttle
Unauthenticated boolWeb Enabled - (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- Throttle
Unauthenticated intWeb Period In Seconds - Rate limit period in seconds.
- Throttle
Unauthenticated intWeb Requests Per Period - Max requests per period per IP.
- Time
Tracking boolLimit To Hours - Limit display of time tracking units to hours.
- Two
Factor intGrace Period - Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
- Unique
Ips boolLimit Enabled - (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
- Unique
Ips intLimit Per User - Maximum number of IPs per user.
- Unique
Ips intLimit Time Window - How many seconds an IP is counted towards the limit.
- Usage
Ping boolEnabled - Every week GitLab reports license usage back to GitLab, Inc.
- User
Deactivation boolEmails Enabled - Send an email to users upon account deactivation.
- User
Default boolExternal - Newly registered users are external by default.
- User
Default stringInternal Regex - Specify an email address regex pattern to identify default internal users.
- User
Oauth boolApplications - Allow users to register any application to use GitLab as an OAuth provider.
- User
Show boolAdd Ssh Key Message - When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
- Version
Check boolEnabled - Let GitLab inform you when an update is available.
- Web
Ide boolClientside Preview Enabled - Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
- Whats
New stringVariant - What’s new variant, possible values: alltiers, currenttier, and disabled.
- Wiki
Page intMax Content Bytes - Maximum wiki page content size in bytes. The minimum value is 1024 bytes.
- abuse
Notification StringEmail - If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
- admin
Mode Boolean - Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
- after
Sign StringOut Path - Where to redirect users after logout.
- after
Sign StringUp Text - Text shown to the user after signing up.
- String
- API key for Akismet spam protection.
- Boolean
- (If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
- allow
Account BooleanDeletion - Set to true to allow users to delete their accounts. Premium and Ultimate only.
- allow
Group BooleanOwners To Manage Ldap - Set to true to allow group owners to manage LDAP.
- allow
Local BooleanRequests From System Hooks - Allow requests to the local network from system hooks.
- allow
Local BooleanRequests From Web Hooks And Services - Allow requests to the local network from web hooks and services.
- allow
Project BooleanCreation For Guest And Below - Indicates whether users assigned up to the Guest role can create groups and personal projects.
- allow
Runner BooleanRegistration Token - Allow using a registration token to create a runner.
- archive
Builds StringIn Human Readable - Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
- asciidoc
Max IntegerIncludes - Maximum limit of AsciiDoc include directives being processed in any one document. Maximum: 64.
- asset
Proxy List<String>Allowlists - Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
- asset
Proxy BooleanEnabled - (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
- asset
Proxy StringSecret Key - Shared secret with the asset proxy server. GitLab restart is required to apply changes.
- asset
Proxy StringUrl - URL of the asset proxy server. GitLab restart is required to apply changes.
- Boolean
- By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
- auto
Ban BooleanUser On Excessive Projects Download - When enabled, users will get automatically banned from the application when they download more than the maximum number of unique projects in the time period specified by maxnumberofrepositorydownloads and maxnumberofrepositorydownloadswithintime_period respectively. Introduced in GitLab 15.4. Self-managed, Ultimate only.
- auto
Devops StringDomain - Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
- auto
Devops BooleanEnabled - Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
- automatic
Purchased BooleanStorage Allocation - Enabling this permits automatic allocation of purchased storage in a namespace.
- bulk
Import IntegerConcurrent Pipeline Batch Limit - Maximum simultaneous Direct Transfer batches to process.
- bulk
Import BooleanEnabled - Enable migrating GitLab groups by direct transfer. Introduced in GitLab 15.8.
- bulk
Import IntegerMax Download File Size - Maximum download file size when importing from source GitLab instances by direct transfer. Introduced in GitLab 16.3.
- can
Create BooleanGroup - Indicates whether users can create top-level groups. Introduced in GitLab 15.5.
- check
Namespace BooleanPlan - Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
- ci
Max IntegerIncludes - The maximum number of includes per pipeline.
- ci
Max IntegerTotal Yaml Size Bytes - The maximum amount of memory, in bytes, that can be allocated for the pipeline configuration, with all included YAML configuration files.
- commit
Email StringHostname - Custom hostname (for private commit emails).
- concurrent
Bitbucket IntegerImport Jobs Limit - Maximum number of simultaneous import jobs for the Bitbucket Cloud importer. Introduced in GitLab 16.11.
- concurrent
Bitbucket IntegerServer Import Jobs Limit - Maximum number of simultaneous import jobs for the Bitbucket Server importer. Introduced in GitLab 16.11.
- concurrent
Github IntegerImport Jobs Limit - Maximum number of simultaneous import jobs for the GitHub importer. Introduced in GitLab 16.11.
- container
Expiration BooleanPolicies Enable Historic Entries - Enable cleanup policies for all projects.
- Integer
- The maximum number of tags that can be deleted in a single execution of cleanup policies.
- Integer
- The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
- container
Registry BooleanExpiration Policies Caching - Caching during the execution of cleanup policies.
- container
Registry IntegerExpiration Policies Worker Capacity - Number of workers for cleanup policies.
- container
Registry IntegerToken Expire Delay - Container Registry token duration in minutes.
- deactivate
Dormant BooleanUsers - Enable automatic deactivation of dormant users.
- deactivate
Dormant IntegerUsers Period - Length of time (in days) after which a user is considered dormant. Introduced in GitLab 15.3.
- decompress
Archive IntegerFile Timeout - Default timeout for decompressing archived files, in seconds. Set to 0 to disable timeouts. Introduced in GitLab 16.4.
- default
Artifacts StringExpire In - Set the default expiration time for each job’s artifacts.
- default
Branch StringName - Instance-level custom initial branch name (introduced in GitLab 13.2).
- default
Branch IntegerProtection - Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
- default
Branch ApplicationProtection Defaults Settings Default Branch Protection Defaults - The defaultbranchprotection*defaults attribute describes the default branch protection defaults. All parameters are optional.
- default
Ci StringConfig Path - Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
- default
Group StringVisibility - What visibility level new groups receive. Can take private, internal and public as a parameter.
- default
Preferred StringLanguage - Default preferred language for users who are not logged in.
- default
Project IntegerCreation - Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
- default
Project StringVisibility - What visibility level new projects receive. Can take private, internal and public as a parameter.
- default
Projects IntegerLimit - Project limit per user.
- default
Snippet StringVisibility - What visibility level new snippets receive. Can take private, internal and public as a parameter.
- default
Syntax IntegerHighlighting Theme - Default syntax highlighting theme for users who are new or not signed in. See IDs of available themes (https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/themes.rb#L16)
- delete
Inactive BooleanProjects - Enable inactive project deletion feature. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion).
- delete
Unconfirmed BooleanUsers - Specifies whether users who have not confirmed their email should be deleted. When set to true, unconfirmed users are deleted after unconfirmedusersdeleteafterdays days. Introduced in GitLab 16.1. Self-managed, Premium and Ultimate only.
- deletion
Adjourned IntegerPeriod - The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90.
- diagramsnet
Enabled Boolean - (If enabled, requires diagramsnet_url) Enable Diagrams.net integration.
- diagramsnet
Url String - The Diagrams.net instance URL for integration.
- diff
Max IntegerFiles - Maximum files in a diff.
- diff
Max IntegerLines - Maximum lines in a diff.
- diff
Max IntegerPatch Bytes - Maximum diff patch size, in bytes.
- disable
Admin BooleanOauth Scopes - Stops administrators from connecting their GitLab accounts to non-trusted OAuth 2.0 applications that have the api, readapi, readrepository, writerepository, readregistry, write_registry, or sudo scopes. Introduced in GitLab 15.6.
- disable
Feed BooleanToken - Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
- disable
Personal BooleanAccess Tokens - Disable personal access tokens. Introduced in GitLab 15.7. Self-managed, Premium and Ultimate only. There is no method available to enable a personal access token that’s been disabled through the API. This is a known issue.
- disabled
Oauth List<String>Sign In Sources - Disabled OAuth sign-in sources.
- dns
Rebinding BooleanProtection Enabled - Enforce DNS rebinding attack protection.
- domain
Allowlists List<String> - Force people to use only corporate emails for sign-up. Null means there is no restriction.
- domain
Denylist BooleanEnabled - (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
- domain
Denylists List<String> - Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
- downstream
Pipeline IntegerTrigger Limit Per Project User Sha - Maximum downstream pipeline trigger rate. Introduced in GitLab 16.10.
- dsa
Key IntegerRestriction - The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys.
- duo
Features BooleanEnabled - Indicates whether GitLab Duo features are enabled for this instance. Introduced in GitLab 16.10. Self-managed, Premium and Ultimate only.
- ecdsa
Key IntegerRestriction - The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys.
- ecdsa
Sk IntegerKey Restriction - The minimum allowed curve size (in bits) of an uploaded ECDSASK key. 0 means no restriction. -1 disables ECDSASK keys.
- ed25519Key
Restriction Integer - The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys.
- ed25519Sk
Key IntegerRestriction - The minimum allowed curve size (in bits) of an uploaded ED25519SK key. 0 means no restriction. -1 disables ED25519SK keys.
- eks
Access StringKey Id - AWS IAM access key ID.
- eks
Account StringId - Amazon account ID.
- eks
Integration BooleanEnabled - Enable integration with Amazon EKS.
- eks
Secret StringAccess Key - AWS IAM secret access key.
- elasticsearch
Aws Boolean - Enable the use of AWS hosted Elasticsearch.
- elasticsearch
Aws StringAccess Key - AWS IAM access key.
- elasticsearch
Aws StringRegion - The AWS region the Elasticsearch domain is configured.
- elasticsearch
Aws StringSecret Access Key - AWS IAM secret access key.
- elasticsearch
Indexed IntegerField Length Limit - Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
- elasticsearch
Indexed IntegerFile Size Limit Kb - Maximum size of repository and wiki files that are indexed by Elasticsearch.
- elasticsearch
Indexing Boolean - Enable Elasticsearch indexing.
- elasticsearch
Limit BooleanIndexing - Limit Elasticsearch to index certain namespaces and projects.
- elasticsearch
Max IntegerBulk Concurrency - Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
- elasticsearch
Max IntegerBulk Size Mb - Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
- elasticsearch
Namespace List<Integer>Ids - The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- elasticsearch
Password String - The password of your Elasticsearch instance.
- elasticsearch
Project List<Integer>Ids - The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- elasticsearch
Search Boolean - Enable Elasticsearch search.
- elasticsearch
Urls List<String> - The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
- elasticsearch
Username String - The username of your Elasticsearch instance.
- email
Additional StringText - Additional text added to the bottom of every email for legal/auditing/compliance reasons.
- Boolean
- Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
- enabled
Git StringAccess Protocol - Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
- enforce
Namespace BooleanStorage Limit - Enabling this permits enforcement of namespace storage limits.
- enforce
Terms Boolean - (If enabled, requires: terms) Enforce application ToS to all users.
- external
Auth StringClient Cert - (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
- external
Auth StringClient Key - Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
- external
Auth StringClient Key Pass - Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
- String
- The default classification label to use when requesting authorization and no classification label has been specified on the project.
- Boolean
- (If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
- Double
- The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
- String
- URL to which authorization requests are directed.
- external
Pipeline IntegerValidation Service Timeout - How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
- external
Pipeline StringValidation Service Token - Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
- external
Pipeline StringValidation Service Url - URL to use for pipeline validation requests.
- file
Template IntegerProject Id - The ID of a project to load custom file templates from.
- first
Day IntegerOf Week - Start day of the week for calendar views and date pickers. Valid values are 0 for Sunday, 1 for Monday, and 6 for Saturday.
- geo
Node StringAllowed Ips - Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
- geo
Status IntegerTimeout - The amount of seconds after which a request to get a secondary node status times out.
- git
Rate List<String>Limit Users Allowlists - List of usernames excluded from Git anti-abuse rate limits. Maximum: 100 usernames. Introduced in GitLab 15.2.
- git
Two IntegerFactor Session Expiry - Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
- gitaly
Timeout IntegerDefault - Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
- gitaly
Timeout IntegerFast - Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
- gitaly
Timeout IntegerMedium - Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
- grafana
Enabled Boolean - Enable Grafana.
- grafana
Url String - Grafana URL.
- gravatar
Enabled Boolean - Enable Gravatar.
- group
Owners BooleanCan Manage Default Branch Protection - Prevent overrides of default branch protection.
- hashed
Storage BooleanEnabled - Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
- help
Page BooleanHide Commercial Content - Hide marketing-related entries from help.
- help
Page StringSupport Url - Alternate support URL for help page and help dropdown.
- help
Page StringText - Custom text displayed on the help page.
- help
Text String - GitLab server administrator information.
- hide
Third BooleanParty Offers - Do not display offers from third parties in GitLab.
- home
Page StringUrl - Redirect to this URL when not logged in.
- housekeeping
Enabled Boolean - Enable or disable Git housekeeping. If enabled, requires either housekeepingoptimizerepositoryperiod OR housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod. Options housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod are deprecated. Use housekeepingoptimizerepositoryperiod instead.
- housekeeping
Full IntegerRepack Period - Number of Git pushes after which an incremental git repack is run.
- housekeeping
Gc IntegerPeriod - Number of Git pushes after which git gc is run.
- housekeeping
Incremental IntegerRepack Period - Number of Git pushes after which an incremental git repack is run.
- housekeeping
Optimize IntegerRepository Period - Number of Git pushes after which an incremental git repack is run.
- html
Emails BooleanEnabled - Enable HTML emails.
- import
Sources List<String> - Sources to allow project import from. Valid values are:
github,bitbucket,bitbucket_server,fogbugz,git,gitlab.Project,gitea,manifest - in
Product BooleanMarketing Emails Enabled - Enable in-product marketing emails.
- inactive
Projects IntegerDelete After Months - If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- inactive
Projects IntegerMin Size Mb - If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- inactive
Projects IntegerSend Warning Email After Months - If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- invisible
Captcha BooleanEnabled - Enable Invisible CAPTCHA spam detection during sign-up.
- issues
Create IntegerLimit - Max number of issue creation requests per minute per user.
- keep
Latest BooleanArtifact - Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
- local
Markdown IntegerVersion - Increase this value when any cached Markdown should be invalidated.
- mailgun
Events BooleanEnabled - Enable Mailgun event receiver.
- mailgun
Signing StringKey - The Mailgun HTTP webhook signing key for receiving events from webhook.
- maintenance
Mode Boolean - When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
- maintenance
Mode StringMessage - Message displayed when instance is in maintenance mode.
- max
Artifacts IntegerSize - Maximum artifacts size in MB.
- max
Attachment IntegerSize - Limit attachment size in MB.
- max
Export IntegerSize - Maximum export size in MB. 0 for unlimited.
- max
Import IntegerSize - Maximum import size in MB. 0 for unlimited.
- max
Number IntegerOf Repository Downloads - Maximum number of unique repositories a user can download in the specified time period before they are banned. Maximum: 10,000 repositories. Introduced in GitLab 15.1.
- max
Number IntegerOf Repository Downloads Within Time Period - Reporting time period (in seconds). Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
- max
Pages IntegerSize - Maximum size of pages repositories in MB.
- max
Personal IntegerAccess Token Lifetime - Maximum allowable lifetime for access tokens in days.
- max
Ssh IntegerKey Lifetime - Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
- max
Terraform IntegerState Size Bytes - metrics
Method IntegerCall Threshold - A method call is only tracked when it takes longer than the given amount of milliseconds.
- minimum
Password IntegerLength - Indicates whether passwords require a minimum length. Introduced in GitLab 15.1. Premium and Ultimate only.
- mirror
Available Boolean - Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
- mirror
Capacity IntegerThreshold - Minimum capacity to be available before scheduling more mirrors preemptively.
- mirror
Max IntegerCapacity - Maximum number of mirrors that can be synchronizing at the same time.
- mirror
Max IntegerDelay - Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
- npm
Package BooleanRequests Forwarding - Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
- outbound
Local List<String>Requests Whitelists - Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
- package
Registry IntegerCleanup Policies Worker Capacity - Number of workers assigned to the packages cleanup policies.
- pages
Domain BooleanVerification Enabled - Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
- password
Authentication BooleanEnabled For Git - Enable authentication for Git over HTTP(S) via a GitLab account password.
- password
Authentication BooleanEnabled For Web - Enable authentication for the web interface via a GitLab account password.
- password
Lowercase BooleanRequired - Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
- password
Number BooleanRequired - Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
- password
Symbol BooleanRequired - Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
- password
Uppercase BooleanRequired - Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
- performance
Bar StringAllowed Group Path - Path of the group that is allowed to toggle the performance bar.
- personal
Access StringToken Prefix - Prefix for all generated personal access tokens.
- pipeline
Limit IntegerPer Project User Sha - Maximum number of pipeline creation requests per minute per user and commit.
- plantuml
Enabled Boolean - (If enabled, requires: plantuml_url) Enable PlantUML integration.
- plantuml
Url String - The PlantUML instance URL for integration.
- polling
Interval DoubleMultiplier - Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
- project
Export BooleanEnabled - Enable project export.
- prometheus
Metrics BooleanEnabled - Enable Prometheus metrics.
- protected
Ci BooleanVariables - CI/CD variables are protected by default.
- push
Event IntegerActivities Limit - Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
- push
Event IntegerHooks Limit - Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
- pypi
Package BooleanRequests Forwarding - Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
- rate
Limiting StringResponse Text - When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
- raw
Blob IntegerRequest Limit - Max number of requests per minute for each raw path. To disable throttling set to 0.
- recaptcha
Enabled Boolean - (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
- recaptcha
Private StringKey - Private key for reCAPTCHA.
- recaptcha
Site StringKey - Site key for reCAPTCHA.
- receive
Max IntegerInput Size - Maximum push size (MB).
- repository
Checks BooleanEnabled - GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
- repository
Size IntegerLimit - Size limit per repository (MB).
- repository
Storages List<String> - (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
- repository
Storages Map<String,Integer>Weighted - (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
- require
Admin BooleanApproval After User Signup - When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
- require
Two BooleanFactor Authentication - (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
- restricted
Visibility List<String>Levels - Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Null means there is no restriction.
- rsa
Key IntegerRestriction - The minimum allowed bit length of an uploaded RSA key. 0 means no restriction. -1 disables RSA keys.
- search
Rate IntegerLimit - Max number of requests per minute for performing a search while authenticated. To disable throttling set to 0.
- search
Rate IntegerLimit Unauthenticated - Max number of requests per minute for performing a search while unauthenticated. To disable throttling set to 0.
- send
User BooleanConfirmation Email - Send confirmation email on sign-up.
- session
Expire IntegerDelay - Session duration in minutes. GitLab restart is required to apply changes.
- Boolean
- (If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
- Integer
- Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
- String
- Shared runners text.
- sidekiq
Job IntegerLimiter Compression Threshold Bytes - The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis.
- sidekiq
Job IntegerLimiter Limit Bytes - The threshold in bytes at which Sidekiq jobs are rejected. 0 means do not reject any job.
- sidekiq
Job StringLimiter Mode - track or compress. Sets the behavior for Sidekiq job size limits.
- sign
In StringText - Text on the login page.
- signup
Enabled Boolean - Enable registration.
- slack
App BooleanEnabled - (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
- slack
App StringId - The app ID of the Slack-app.
- slack
App StringSecret - The app secret of the Slack-app.
- slack
App StringSigning Secret - The signing secret of the Slack-app.
- slack
App StringVerification Token - The verification token of the Slack-app.
- snippet
Size IntegerLimit - Max snippet content size in bytes.
- snowplow
App StringId - The Snowplow site name / application ID. (for example, gitlab)
- snowplow
Collector StringHostname - The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
- String
- The Snowplow cookie domain. (for example, .gitlab.com)
- snowplow
Enabled Boolean - Enable snowplow tracking.
- sourcegraph
Enabled Boolean - Enables Sourcegraph integration. If enabled, requires sourcegraph_url.
- sourcegraph
Public BooleanOnly - Blocks Sourcegraph from being loaded on private and internal projects.
- sourcegraph
Url String - The Sourcegraph instance URL for integration.
- spam
Check StringApi Key - API key used by GitLab for accessing the Spam Check service endpoint.
- spam
Check BooleanEndpoint Enabled - Enables spam checking using external Spam Check API endpoint.
- spam
Check StringEndpoint Url - URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
- suggest
Pipeline BooleanEnabled - Enable pipeline suggestion banner.
- terminal
Max IntegerSession Time - Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
- terms String
- (Required by: enforce_terms) Markdown content for the ToS.
- throttle
Authenticated BooleanApi Enabled - (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Authenticated IntegerApi Period In Seconds - Rate limit period (in seconds).
- throttle
Authenticated IntegerApi Requests Per Period - Maximum requests per period per user.
- throttle
Authenticated BooleanPackages Api Enabled - (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- throttle
Authenticated IntegerPackages Api Period In Seconds - Rate limit period (in seconds). View Package Registry rate limits for more details.
- throttle
Authenticated IntegerPackages Api Requests Per Period - Maximum requests per period per user. View Package Registry rate limits for more details.
- throttle
Authenticated BooleanWeb Enabled - (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Authenticated IntegerWeb Period In Seconds - Rate limit period (in seconds).
- throttle
Authenticated IntegerWeb Requests Per Period - Maximum requests per period per user.
- throttle
Unauthenticated BooleanApi Enabled - (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Unauthenticated IntegerApi Period In Seconds - Rate limit period in seconds.
- throttle
Unauthenticated IntegerApi Requests Per Period - Max requests per period per IP.
- throttle
Unauthenticated BooleanPackages Api Enabled - (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- throttle
Unauthenticated IntegerPackages Api Period In Seconds - Rate limit period (in seconds). View Package Registry rate limits for more details.
- throttle
Unauthenticated IntegerPackages Api Requests Per Period - Maximum requests per period per user. View Package Registry rate limits for more details.
- throttle
Unauthenticated BooleanWeb Enabled - (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Unauthenticated IntegerWeb Period In Seconds - Rate limit period in seconds.
- throttle
Unauthenticated IntegerWeb Requests Per Period - Max requests per period per IP.
- time
Tracking BooleanLimit To Hours - Limit display of time tracking units to hours.
- two
Factor IntegerGrace Period - Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
- unique
Ips BooleanLimit Enabled - (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
- unique
Ips IntegerLimit Per User - Maximum number of IPs per user.
- unique
Ips IntegerLimit Time Window - How many seconds an IP is counted towards the limit.
- usage
Ping BooleanEnabled - Every week GitLab reports license usage back to GitLab, Inc.
- user
Deactivation BooleanEmails Enabled - Send an email to users upon account deactivation.
- user
Default BooleanExternal - Newly registered users are external by default.
- user
Default StringInternal Regex - Specify an email address regex pattern to identify default internal users.
- user
Oauth BooleanApplications - Allow users to register any application to use GitLab as an OAuth provider.
- user
Show BooleanAdd Ssh Key Message - When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
- version
Check BooleanEnabled - Let GitLab inform you when an update is available.
- web
Ide BooleanClientside Preview Enabled - Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
- whats
New StringVariant - What’s new variant, possible values: alltiers, currenttier, and disabled.
- wiki
Page IntegerMax Content Bytes - Maximum wiki page content size in bytes. The minimum value is 1024 bytes.
- abuse
Notification stringEmail - If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
- admin
Mode boolean - Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
- after
Sign stringOut Path - Where to redirect users after logout.
- after
Sign stringUp Text - Text shown to the user after signing up.
- string
- API key for Akismet spam protection.
- boolean
- (If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
- allow
Account booleanDeletion - Set to true to allow users to delete their accounts. Premium and Ultimate only.
- allow
Group booleanOwners To Manage Ldap - Set to true to allow group owners to manage LDAP.
- allow
Local booleanRequests From System Hooks - Allow requests to the local network from system hooks.
- allow
Local booleanRequests From Web Hooks And Services - Allow requests to the local network from web hooks and services.
- allow
Project booleanCreation For Guest And Below - Indicates whether users assigned up to the Guest role can create groups and personal projects.
- allow
Runner booleanRegistration Token - Allow using a registration token to create a runner.
- archive
Builds stringIn Human Readable - Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
- asciidoc
Max numberIncludes - Maximum limit of AsciiDoc include directives being processed in any one document. Maximum: 64.
- asset
Proxy string[]Allowlists - Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
- asset
Proxy booleanEnabled - (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
- asset
Proxy stringSecret Key - Shared secret with the asset proxy server. GitLab restart is required to apply changes.
- asset
Proxy stringUrl - URL of the asset proxy server. GitLab restart is required to apply changes.
- boolean
- By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
- auto
Ban booleanUser On Excessive Projects Download - When enabled, users will get automatically banned from the application when they download more than the maximum number of unique projects in the time period specified by maxnumberofrepositorydownloads and maxnumberofrepositorydownloadswithintime_period respectively. Introduced in GitLab 15.4. Self-managed, Ultimate only.
- auto
Devops stringDomain - Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
- auto
Devops booleanEnabled - Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
- automatic
Purchased booleanStorage Allocation - Enabling this permits automatic allocation of purchased storage in a namespace.
- bulk
Import numberConcurrent Pipeline Batch Limit - Maximum simultaneous Direct Transfer batches to process.
- bulk
Import booleanEnabled - Enable migrating GitLab groups by direct transfer. Introduced in GitLab 15.8.
- bulk
Import numberMax Download File Size - Maximum download file size when importing from source GitLab instances by direct transfer. Introduced in GitLab 16.3.
- can
Create booleanGroup - Indicates whether users can create top-level groups. Introduced in GitLab 15.5.
- check
Namespace booleanPlan - Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
- ci
Max numberIncludes - The maximum number of includes per pipeline.
- ci
Max numberTotal Yaml Size Bytes - The maximum amount of memory, in bytes, that can be allocated for the pipeline configuration, with all included YAML configuration files.
- commit
Email stringHostname - Custom hostname (for private commit emails).
- concurrent
Bitbucket numberImport Jobs Limit - Maximum number of simultaneous import jobs for the Bitbucket Cloud importer. Introduced in GitLab 16.11.
- concurrent
Bitbucket numberServer Import Jobs Limit - Maximum number of simultaneous import jobs for the Bitbucket Server importer. Introduced in GitLab 16.11.
- concurrent
Github numberImport Jobs Limit - Maximum number of simultaneous import jobs for the GitHub importer. Introduced in GitLab 16.11.
- container
Expiration booleanPolicies Enable Historic Entries - Enable cleanup policies for all projects.
- number
- The maximum number of tags that can be deleted in a single execution of cleanup policies.
- number
- The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
- container
Registry booleanExpiration Policies Caching - Caching during the execution of cleanup policies.
- container
Registry numberExpiration Policies Worker Capacity - Number of workers for cleanup policies.
- container
Registry numberToken Expire Delay - Container Registry token duration in minutes.
- deactivate
Dormant booleanUsers - Enable automatic deactivation of dormant users.
- deactivate
Dormant numberUsers Period - Length of time (in days) after which a user is considered dormant. Introduced in GitLab 15.3.
- decompress
Archive numberFile Timeout - Default timeout for decompressing archived files, in seconds. Set to 0 to disable timeouts. Introduced in GitLab 16.4.
- default
Artifacts stringExpire In - Set the default expiration time for each job’s artifacts.
- default
Branch stringName - Instance-level custom initial branch name (introduced in GitLab 13.2).
- default
Branch numberProtection - Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
- default
Branch ApplicationProtection Defaults Settings Default Branch Protection Defaults - The defaultbranchprotection*defaults attribute describes the default branch protection defaults. All parameters are optional.
- default
Ci stringConfig Path - Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
- default
Group stringVisibility - What visibility level new groups receive. Can take private, internal and public as a parameter.
- default
Preferred stringLanguage - Default preferred language for users who are not logged in.
- default
Project numberCreation - Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
- default
Project stringVisibility - What visibility level new projects receive. Can take private, internal and public as a parameter.
- default
Projects numberLimit - Project limit per user.
- default
Snippet stringVisibility - What visibility level new snippets receive. Can take private, internal and public as a parameter.
- default
Syntax numberHighlighting Theme - Default syntax highlighting theme for users who are new or not signed in. See IDs of available themes (https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/themes.rb#L16)
- delete
Inactive booleanProjects - Enable inactive project deletion feature. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion).
- delete
Unconfirmed booleanUsers - Specifies whether users who have not confirmed their email should be deleted. When set to true, unconfirmed users are deleted after unconfirmedusersdeleteafterdays days. Introduced in GitLab 16.1. Self-managed, Premium and Ultimate only.
- deletion
Adjourned numberPeriod - The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90.
- diagramsnet
Enabled boolean - (If enabled, requires diagramsnet_url) Enable Diagrams.net integration.
- diagramsnet
Url string - The Diagrams.net instance URL for integration.
- diff
Max numberFiles - Maximum files in a diff.
- diff
Max numberLines - Maximum lines in a diff.
- diff
Max numberPatch Bytes - Maximum diff patch size, in bytes.
- disable
Admin booleanOauth Scopes - Stops administrators from connecting their GitLab accounts to non-trusted OAuth 2.0 applications that have the api, readapi, readrepository, writerepository, readregistry, write_registry, or sudo scopes. Introduced in GitLab 15.6.
- disable
Feed booleanToken - Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
- disable
Personal booleanAccess Tokens - Disable personal access tokens. Introduced in GitLab 15.7. Self-managed, Premium and Ultimate only. There is no method available to enable a personal access token that’s been disabled through the API. This is a known issue.
- disabled
Oauth string[]Sign In Sources - Disabled OAuth sign-in sources.
- dns
Rebinding booleanProtection Enabled - Enforce DNS rebinding attack protection.
- domain
Allowlists string[] - Force people to use only corporate emails for sign-up. Null means there is no restriction.
- domain
Denylist booleanEnabled - (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
- domain
Denylists string[] - Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
- downstream
Pipeline numberTrigger Limit Per Project User Sha - Maximum downstream pipeline trigger rate. Introduced in GitLab 16.10.
- dsa
Key numberRestriction - The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys.
- duo
Features booleanEnabled - Indicates whether GitLab Duo features are enabled for this instance. Introduced in GitLab 16.10. Self-managed, Premium and Ultimate only.
- ecdsa
Key numberRestriction - The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys.
- ecdsa
Sk numberKey Restriction - The minimum allowed curve size (in bits) of an uploaded ECDSASK key. 0 means no restriction. -1 disables ECDSASK keys.
- ed25519Key
Restriction number - The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys.
- ed25519Sk
Key numberRestriction - The minimum allowed curve size (in bits) of an uploaded ED25519SK key. 0 means no restriction. -1 disables ED25519SK keys.
- eks
Access stringKey Id - AWS IAM access key ID.
- eks
Account stringId - Amazon account ID.
- eks
Integration booleanEnabled - Enable integration with Amazon EKS.
- eks
Secret stringAccess Key - AWS IAM secret access key.
- elasticsearch
Aws boolean - Enable the use of AWS hosted Elasticsearch.
- elasticsearch
Aws stringAccess Key - AWS IAM access key.
- elasticsearch
Aws stringRegion - The AWS region the Elasticsearch domain is configured.
- elasticsearch
Aws stringSecret Access Key - AWS IAM secret access key.
- elasticsearch
Indexed numberField Length Limit - Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
- elasticsearch
Indexed numberFile Size Limit Kb - Maximum size of repository and wiki files that are indexed by Elasticsearch.
- elasticsearch
Indexing boolean - Enable Elasticsearch indexing.
- elasticsearch
Limit booleanIndexing - Limit Elasticsearch to index certain namespaces and projects.
- elasticsearch
Max numberBulk Concurrency - Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
- elasticsearch
Max numberBulk Size Mb - Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
- elasticsearch
Namespace number[]Ids - The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- elasticsearch
Password string - The password of your Elasticsearch instance.
- elasticsearch
Project number[]Ids - The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- elasticsearch
Search boolean - Enable Elasticsearch search.
- elasticsearch
Urls string[] - The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
- elasticsearch
Username string - The username of your Elasticsearch instance.
- email
Additional stringText - Additional text added to the bottom of every email for legal/auditing/compliance reasons.
- boolean
- Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
- enabled
Git stringAccess Protocol - Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
- enforce
Namespace booleanStorage Limit - Enabling this permits enforcement of namespace storage limits.
- enforce
Terms boolean - (If enabled, requires: terms) Enforce application ToS to all users.
- external
Auth stringClient Cert - (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
- external
Auth stringClient Key - Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
- external
Auth stringClient Key Pass - Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
- string
- The default classification label to use when requesting authorization and no classification label has been specified on the project.
- boolean
- (If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
- number
- The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
- string
- URL to which authorization requests are directed.
- external
Pipeline numberValidation Service Timeout - How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
- external
Pipeline stringValidation Service Token - Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
- external
Pipeline stringValidation Service Url - URL to use for pipeline validation requests.
- file
Template numberProject Id - The ID of a project to load custom file templates from.
- first
Day numberOf Week - Start day of the week for calendar views and date pickers. Valid values are 0 for Sunday, 1 for Monday, and 6 for Saturday.
- geo
Node stringAllowed Ips - Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
- geo
Status numberTimeout - The amount of seconds after which a request to get a secondary node status times out.
- git
Rate string[]Limit Users Allowlists - List of usernames excluded from Git anti-abuse rate limits. Maximum: 100 usernames. Introduced in GitLab 15.2.
- git
Two numberFactor Session Expiry - Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
- gitaly
Timeout numberDefault - Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
- gitaly
Timeout numberFast - Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
- gitaly
Timeout numberMedium - Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
- grafana
Enabled boolean - Enable Grafana.
- grafana
Url string - Grafana URL.
- gravatar
Enabled boolean - Enable Gravatar.
- group
Owners booleanCan Manage Default Branch Protection - Prevent overrides of default branch protection.
- hashed
Storage booleanEnabled - Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
- help
Page booleanHide Commercial Content - Hide marketing-related entries from help.
- help
Page stringSupport Url - Alternate support URL for help page and help dropdown.
- help
Page stringText - Custom text displayed on the help page.
- help
Text string - GitLab server administrator information.
- hide
Third booleanParty Offers - Do not display offers from third parties in GitLab.
- home
Page stringUrl - Redirect to this URL when not logged in.
- housekeeping
Enabled boolean - Enable or disable Git housekeeping. If enabled, requires either housekeepingoptimizerepositoryperiod OR housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod. Options housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod are deprecated. Use housekeepingoptimizerepositoryperiod instead.
- housekeeping
Full numberRepack Period - Number of Git pushes after which an incremental git repack is run.
- housekeeping
Gc numberPeriod - Number of Git pushes after which git gc is run.
- housekeeping
Incremental numberRepack Period - Number of Git pushes after which an incremental git repack is run.
- housekeeping
Optimize numberRepository Period - Number of Git pushes after which an incremental git repack is run.
- html
Emails booleanEnabled - Enable HTML emails.
- import
Sources string[] - Sources to allow project import from. Valid values are:
github,bitbucket,bitbucket_server,fogbugz,git,gitlab.Project,gitea,manifest - in
Product booleanMarketing Emails Enabled - Enable in-product marketing emails.
- inactive
Projects numberDelete After Months - If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- inactive
Projects numberMin Size Mb - If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- inactive
Projects numberSend Warning Email After Months - If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- invisible
Captcha booleanEnabled - Enable Invisible CAPTCHA spam detection during sign-up.
- issues
Create numberLimit - Max number of issue creation requests per minute per user.
- keep
Latest booleanArtifact - Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
- local
Markdown numberVersion - Increase this value when any cached Markdown should be invalidated.
- mailgun
Events booleanEnabled - Enable Mailgun event receiver.
- mailgun
Signing stringKey - The Mailgun HTTP webhook signing key for receiving events from webhook.
- maintenance
Mode boolean - When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
- maintenance
Mode stringMessage - Message displayed when instance is in maintenance mode.
- max
Artifacts numberSize - Maximum artifacts size in MB.
- max
Attachment numberSize - Limit attachment size in MB.
- max
Export numberSize - Maximum export size in MB. 0 for unlimited.
- max
Import numberSize - Maximum import size in MB. 0 for unlimited.
- max
Number numberOf Repository Downloads - Maximum number of unique repositories a user can download in the specified time period before they are banned. Maximum: 10,000 repositories. Introduced in GitLab 15.1.
- max
Number numberOf Repository Downloads Within Time Period - Reporting time period (in seconds). Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
- max
Pages numberSize - Maximum size of pages repositories in MB.
- max
Personal numberAccess Token Lifetime - Maximum allowable lifetime for access tokens in days.
- max
Ssh numberKey Lifetime - Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
- max
Terraform numberState Size Bytes - metrics
Method numberCall Threshold - A method call is only tracked when it takes longer than the given amount of milliseconds.
- minimum
Password numberLength - Indicates whether passwords require a minimum length. Introduced in GitLab 15.1. Premium and Ultimate only.
- mirror
Available boolean - Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
- mirror
Capacity numberThreshold - Minimum capacity to be available before scheduling more mirrors preemptively.
- mirror
Max numberCapacity - Maximum number of mirrors that can be synchronizing at the same time.
- mirror
Max numberDelay - Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
- npm
Package booleanRequests Forwarding - Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
- outbound
Local string[]Requests Whitelists - Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
- package
Registry numberCleanup Policies Worker Capacity - Number of workers assigned to the packages cleanup policies.
- pages
Domain booleanVerification Enabled - Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
- password
Authentication booleanEnabled For Git - Enable authentication for Git over HTTP(S) via a GitLab account password.
- password
Authentication booleanEnabled For Web - Enable authentication for the web interface via a GitLab account password.
- password
Lowercase booleanRequired - Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
- password
Number booleanRequired - Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
- password
Symbol booleanRequired - Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
- password
Uppercase booleanRequired - Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
- performance
Bar stringAllowed Group Path - Path of the group that is allowed to toggle the performance bar.
- personal
Access stringToken Prefix - Prefix for all generated personal access tokens.
- pipeline
Limit numberPer Project User Sha - Maximum number of pipeline creation requests per minute per user and commit.
- plantuml
Enabled boolean - (If enabled, requires: plantuml_url) Enable PlantUML integration.
- plantuml
Url string - The PlantUML instance URL for integration.
- polling
Interval numberMultiplier - Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
- project
Export booleanEnabled - Enable project export.
- prometheus
Metrics booleanEnabled - Enable Prometheus metrics.
- protected
Ci booleanVariables - CI/CD variables are protected by default.
- push
Event numberActivities Limit - Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
- push
Event numberHooks Limit - Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
- pypi
Package booleanRequests Forwarding - Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
- rate
Limiting stringResponse Text - When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
- raw
Blob numberRequest Limit - Max number of requests per minute for each raw path. To disable throttling set to 0.
- recaptcha
Enabled boolean - (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
- recaptcha
Private stringKey - Private key for reCAPTCHA.
- recaptcha
Site stringKey - Site key for reCAPTCHA.
- receive
Max numberInput Size - Maximum push size (MB).
- repository
Checks booleanEnabled - GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
- repository
Size numberLimit - Size limit per repository (MB).
- repository
Storages string[] - (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
- repository
Storages {[key: string]: number}Weighted - (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
- require
Admin booleanApproval After User Signup - When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
- require
Two booleanFactor Authentication - (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
- restricted
Visibility string[]Levels - Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Null means there is no restriction.
- rsa
Key numberRestriction - The minimum allowed bit length of an uploaded RSA key. 0 means no restriction. -1 disables RSA keys.
- search
Rate numberLimit - Max number of requests per minute for performing a search while authenticated. To disable throttling set to 0.
- search
Rate numberLimit Unauthenticated - Max number of requests per minute for performing a search while unauthenticated. To disable throttling set to 0.
- send
User booleanConfirmation Email - Send confirmation email on sign-up.
- session
Expire numberDelay - Session duration in minutes. GitLab restart is required to apply changes.
- boolean
- (If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
- number
- Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
- string
- Shared runners text.
- sidekiq
Job numberLimiter Compression Threshold Bytes - The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis.
- sidekiq
Job numberLimiter Limit Bytes - The threshold in bytes at which Sidekiq jobs are rejected. 0 means do not reject any job.
- sidekiq
Job stringLimiter Mode - track or compress. Sets the behavior for Sidekiq job size limits.
- sign
In stringText - Text on the login page.
- signup
Enabled boolean - Enable registration.
- slack
App booleanEnabled - (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
- slack
App stringId - The app ID of the Slack-app.
- slack
App stringSecret - The app secret of the Slack-app.
- slack
App stringSigning Secret - The signing secret of the Slack-app.
- slack
App stringVerification Token - The verification token of the Slack-app.
- snippet
Size numberLimit - Max snippet content size in bytes.
- snowplow
App stringId - The Snowplow site name / application ID. (for example, gitlab)
- snowplow
Collector stringHostname - The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
- string
- The Snowplow cookie domain. (for example, .gitlab.com)
- snowplow
Enabled boolean - Enable snowplow tracking.
- sourcegraph
Enabled boolean - Enables Sourcegraph integration. If enabled, requires sourcegraph_url.
- sourcegraph
Public booleanOnly - Blocks Sourcegraph from being loaded on private and internal projects.
- sourcegraph
Url string - The Sourcegraph instance URL for integration.
- spam
Check stringApi Key - API key used by GitLab for accessing the Spam Check service endpoint.
- spam
Check booleanEndpoint Enabled - Enables spam checking using external Spam Check API endpoint.
- spam
Check stringEndpoint Url - URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
- suggest
Pipeline booleanEnabled - Enable pipeline suggestion banner.
- terminal
Max numberSession Time - Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
- terms string
- (Required by: enforce_terms) Markdown content for the ToS.
- throttle
Authenticated booleanApi Enabled - (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Authenticated numberApi Period In Seconds - Rate limit period (in seconds).
- throttle
Authenticated numberApi Requests Per Period - Maximum requests per period per user.
- throttle
Authenticated booleanPackages Api Enabled - (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- throttle
Authenticated numberPackages Api Period In Seconds - Rate limit period (in seconds). View Package Registry rate limits for more details.
- throttle
Authenticated numberPackages Api Requests Per Period - Maximum requests per period per user. View Package Registry rate limits for more details.
- throttle
Authenticated booleanWeb Enabled - (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Authenticated numberWeb Period In Seconds - Rate limit period (in seconds).
- throttle
Authenticated numberWeb Requests Per Period - Maximum requests per period per user.
- throttle
Unauthenticated booleanApi Enabled - (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Unauthenticated numberApi Period In Seconds - Rate limit period in seconds.
- throttle
Unauthenticated numberApi Requests Per Period - Max requests per period per IP.
- throttle
Unauthenticated booleanPackages Api Enabled - (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- throttle
Unauthenticated numberPackages Api Period In Seconds - Rate limit period (in seconds). View Package Registry rate limits for more details.
- throttle
Unauthenticated numberPackages Api Requests Per Period - Maximum requests per period per user. View Package Registry rate limits for more details.
- throttle
Unauthenticated booleanWeb Enabled - (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Unauthenticated numberWeb Period In Seconds - Rate limit period in seconds.
- throttle
Unauthenticated numberWeb Requests Per Period - Max requests per period per IP.
- time
Tracking booleanLimit To Hours - Limit display of time tracking units to hours.
- two
Factor numberGrace Period - Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
- unique
Ips booleanLimit Enabled - (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
- unique
Ips numberLimit Per User - Maximum number of IPs per user.
- unique
Ips numberLimit Time Window - How many seconds an IP is counted towards the limit.
- usage
Ping booleanEnabled - Every week GitLab reports license usage back to GitLab, Inc.
- user
Deactivation booleanEmails Enabled - Send an email to users upon account deactivation.
- user
Default booleanExternal - Newly registered users are external by default.
- user
Default stringInternal Regex - Specify an email address regex pattern to identify default internal users.
- user
Oauth booleanApplications - Allow users to register any application to use GitLab as an OAuth provider.
- user
Show booleanAdd Ssh Key Message - When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
- version
Check booleanEnabled - Let GitLab inform you when an update is available.
- web
Ide booleanClientside Preview Enabled - Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
- whats
New stringVariant - What’s new variant, possible values: alltiers, currenttier, and disabled.
- wiki
Page numberMax Content Bytes - Maximum wiki page content size in bytes. The minimum value is 1024 bytes.
- abuse_
notification_ stremail - If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
- admin_
mode bool - Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
- after_
sign_ strout_ path - Where to redirect users after logout.
- after_
sign_ strup_ text - Text shown to the user after signing up.
- str
- API key for Akismet spam protection.
- bool
- (If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
- allow_
account_ booldeletion - Set to true to allow users to delete their accounts. Premium and Ultimate only.
- allow_
group_ boolowners_ to_ manage_ ldap - Set to true to allow group owners to manage LDAP.
- allow_
local_ boolrequests_ from_ system_ hooks - Allow requests to the local network from system hooks.
- allow_
local_ boolrequests_ from_ web_ hooks_ and_ services - Allow requests to the local network from web hooks and services.
- allow_
project_ boolcreation_ for_ guest_ and_ below - Indicates whether users assigned up to the Guest role can create groups and personal projects.
- allow_
runner_ boolregistration_ token - Allow using a registration token to create a runner.
- archive_
builds_ strin_ human_ readable - Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
- asciidoc_
max_ intincludes - Maximum limit of AsciiDoc include directives being processed in any one document. Maximum: 64.
- asset_
proxy_ Sequence[str]allowlists - Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
- asset_
proxy_ boolenabled - (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
- asset_
proxy_ strsecret_ key - Shared secret with the asset proxy server. GitLab restart is required to apply changes.
- asset_
proxy_ strurl - URL of the asset proxy server. GitLab restart is required to apply changes.
- bool
- By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
- auto_
ban_ booluser_ on_ excessive_ projects_ download - When enabled, users will get automatically banned from the application when they download more than the maximum number of unique projects in the time period specified by maxnumberofrepositorydownloads and maxnumberofrepositorydownloadswithintime_period respectively. Introduced in GitLab 15.4. Self-managed, Ultimate only.
- auto_
devops_ strdomain - Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
- auto_
devops_ boolenabled - Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
- automatic_
purchased_ boolstorage_ allocation - Enabling this permits automatic allocation of purchased storage in a namespace.
- bulk_
import_ intconcurrent_ pipeline_ batch_ limit - Maximum simultaneous Direct Transfer batches to process.
- bulk_
import_ boolenabled - Enable migrating GitLab groups by direct transfer. Introduced in GitLab 15.8.
- bulk_
import_ intmax_ download_ file_ size - Maximum download file size when importing from source GitLab instances by direct transfer. Introduced in GitLab 16.3.
- can_
create_ boolgroup - Indicates whether users can create top-level groups. Introduced in GitLab 15.5.
- check_
namespace_ boolplan - Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
- ci_
max_ intincludes - The maximum number of includes per pipeline.
- ci_
max_ inttotal_ yaml_ size_ bytes - The maximum amount of memory, in bytes, that can be allocated for the pipeline configuration, with all included YAML configuration files.
- commit_
email_ strhostname - Custom hostname (for private commit emails).
- concurrent_
bitbucket_ intimport_ jobs_ limit - Maximum number of simultaneous import jobs for the Bitbucket Cloud importer. Introduced in GitLab 16.11.
- concurrent_
bitbucket_ intserver_ import_ jobs_ limit - Maximum number of simultaneous import jobs for the Bitbucket Server importer. Introduced in GitLab 16.11.
- concurrent_
github_ intimport_ jobs_ limit - Maximum number of simultaneous import jobs for the GitHub importer. Introduced in GitLab 16.11.
- container_
expiration_ boolpolicies_ enable_ historic_ entries - Enable cleanup policies for all projects.
- int
- The maximum number of tags that can be deleted in a single execution of cleanup policies.
- int
- The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
- container_
registry_ boolexpiration_ policies_ caching - Caching during the execution of cleanup policies.
- container_
registry_ intexpiration_ policies_ worker_ capacity - Number of workers for cleanup policies.
- container_
registry_ inttoken_ expire_ delay - Container Registry token duration in minutes.
- deactivate_
dormant_ boolusers - Enable automatic deactivation of dormant users.
- deactivate_
dormant_ intusers_ period - Length of time (in days) after which a user is considered dormant. Introduced in GitLab 15.3.
- decompress_
archive_ intfile_ timeout - Default timeout for decompressing archived files, in seconds. Set to 0 to disable timeouts. Introduced in GitLab 16.4.
- default_
artifacts_ strexpire_ in - Set the default expiration time for each job’s artifacts.
- default_
branch_ strname - Instance-level custom initial branch name (introduced in GitLab 13.2).
- default_
branch_ intprotection - Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
- default_
branch_ Applicationprotection_ defaults Settings Default Branch Protection Defaults Args - The defaultbranchprotection*defaults attribute describes the default branch protection defaults. All parameters are optional.
- default_
ci_ strconfig_ path - Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
- default_
group_ strvisibility - What visibility level new groups receive. Can take private, internal and public as a parameter.
- default_
preferred_ strlanguage - Default preferred language for users who are not logged in.
- default_
project_ intcreation - Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
- default_
project_ strvisibility - What visibility level new projects receive. Can take private, internal and public as a parameter.
- default_
projects_ intlimit - Project limit per user.
- default_
snippet_ strvisibility - What visibility level new snippets receive. Can take private, internal and public as a parameter.
- default_
syntax_ inthighlighting_ theme - Default syntax highlighting theme for users who are new or not signed in. See IDs of available themes (https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/themes.rb#L16)
- delete_
inactive_ boolprojects - Enable inactive project deletion feature. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion).
- delete_
unconfirmed_ boolusers - Specifies whether users who have not confirmed their email should be deleted. When set to true, unconfirmed users are deleted after unconfirmedusersdeleteafterdays days. Introduced in GitLab 16.1. Self-managed, Premium and Ultimate only.
- deletion_
adjourned_ intperiod - The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90.
- diagramsnet_
enabled bool - (If enabled, requires diagramsnet_url) Enable Diagrams.net integration.
- diagramsnet_
url str - The Diagrams.net instance URL for integration.
- diff_
max_ intfiles - Maximum files in a diff.
- diff_
max_ intlines - Maximum lines in a diff.
- diff_
max_ intpatch_ bytes - Maximum diff patch size, in bytes.
- disable_
admin_ booloauth_ scopes - Stops administrators from connecting their GitLab accounts to non-trusted OAuth 2.0 applications that have the api, readapi, readrepository, writerepository, readregistry, write_registry, or sudo scopes. Introduced in GitLab 15.6.
- disable_
feed_ booltoken - Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
- disable_
personal_ boolaccess_ tokens - Disable personal access tokens. Introduced in GitLab 15.7. Self-managed, Premium and Ultimate only. There is no method available to enable a personal access token that’s been disabled through the API. This is a known issue.
- disabled_
oauth_ Sequence[str]sign_ in_ sources - Disabled OAuth sign-in sources.
- dns_
rebinding_ boolprotection_ enabled - Enforce DNS rebinding attack protection.
- domain_
allowlists Sequence[str] - Force people to use only corporate emails for sign-up. Null means there is no restriction.
- domain_
denylist_ boolenabled - (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
- domain_
denylists Sequence[str] - Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
- downstream_
pipeline_ inttrigger_ limit_ per_ project_ user_ sha - Maximum downstream pipeline trigger rate. Introduced in GitLab 16.10.
- dsa_
key_ intrestriction - The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys.
- duo_
features_ boolenabled - Indicates whether GitLab Duo features are enabled for this instance. Introduced in GitLab 16.10. Self-managed, Premium and Ultimate only.
- ecdsa_
key_ intrestriction - The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys.
- ecdsa_
sk_ intkey_ restriction - The minimum allowed curve size (in bits) of an uploaded ECDSASK key. 0 means no restriction. -1 disables ECDSASK keys.
- ed25519_
key_ intrestriction - The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys.
- ed25519_
sk_ intkey_ restriction - The minimum allowed curve size (in bits) of an uploaded ED25519SK key. 0 means no restriction. -1 disables ED25519SK keys.
- eks_
access_ strkey_ id - AWS IAM access key ID.
- eks_
account_ strid - Amazon account ID.
- eks_
integration_ boolenabled - Enable integration with Amazon EKS.
- eks_
secret_ straccess_ key - AWS IAM secret access key.
- elasticsearch_
aws bool - Enable the use of AWS hosted Elasticsearch.
- elasticsearch_
aws_ straccess_ key - AWS IAM access key.
- elasticsearch_
aws_ strregion - The AWS region the Elasticsearch domain is configured.
- elasticsearch_
aws_ strsecret_ access_ key - AWS IAM secret access key.
- elasticsearch_
indexed_ intfield_ length_ limit - Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
- elasticsearch_
indexed_ intfile_ size_ limit_ kb - Maximum size of repository and wiki files that are indexed by Elasticsearch.
- elasticsearch_
indexing bool - Enable Elasticsearch indexing.
- elasticsearch_
limit_ boolindexing - Limit Elasticsearch to index certain namespaces and projects.
- elasticsearch_
max_ intbulk_ concurrency - Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
- elasticsearch_
max_ intbulk_ size_ mb - Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
- elasticsearch_
namespace_ Sequence[int]ids - The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- elasticsearch_
password str - The password of your Elasticsearch instance.
- elasticsearch_
project_ Sequence[int]ids - The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- elasticsearch_
search bool - Enable Elasticsearch search.
- elasticsearch_
urls Sequence[str] - The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
- elasticsearch_
username str - The username of your Elasticsearch instance.
- email_
additional_ strtext - Additional text added to the bottom of every email for legal/auditing/compliance reasons.
- bool
- Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
- enabled_
git_ straccess_ protocol - Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
- enforce_
namespace_ boolstorage_ limit - Enabling this permits enforcement of namespace storage limits.
- enforce_
terms bool - (If enabled, requires: terms) Enforce application ToS to all users.
- external_
auth_ strclient_ cert - (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
- external_
auth_ strclient_ key - Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
- external_
auth_ strclient_ key_ pass - Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
- str
- The default classification label to use when requesting authorization and no classification label has been specified on the project.
- bool
- (If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
- float
- The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
- str
- URL to which authorization requests are directed.
- external_
pipeline_ intvalidation_ service_ timeout - How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
- external_
pipeline_ strvalidation_ service_ token - Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
- external_
pipeline_ strvalidation_ service_ url - URL to use for pipeline validation requests.
- file_
template_ intproject_ id - The ID of a project to load custom file templates from.
- first_
day_ intof_ week - Start day of the week for calendar views and date pickers. Valid values are 0 for Sunday, 1 for Monday, and 6 for Saturday.
- geo_
node_ strallowed_ ips - Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
- geo_
status_ inttimeout - The amount of seconds after which a request to get a secondary node status times out.
- git_
rate_ Sequence[str]limit_ users_ allowlists - List of usernames excluded from Git anti-abuse rate limits. Maximum: 100 usernames. Introduced in GitLab 15.2.
- git_
two_ intfactor_ session_ expiry - Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
- gitaly_
timeout_ intdefault - Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
- gitaly_
timeout_ intfast - Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
- gitaly_
timeout_ intmedium - Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
- grafana_
enabled bool - Enable Grafana.
- grafana_
url str - Grafana URL.
- gravatar_
enabled bool - Enable Gravatar.
- group_
owners_ boolcan_ manage_ default_ branch_ protection - Prevent overrides of default branch protection.
- hashed_
storage_ boolenabled - Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
- help_
page_ boolhide_ commercial_ content - Hide marketing-related entries from help.
- help_
page_ strsupport_ url - Alternate support URL for help page and help dropdown.
- help_
page_ strtext - Custom text displayed on the help page.
- help_
text str - GitLab server administrator information.
- hide_
third_ boolparty_ offers - Do not display offers from third parties in GitLab.
- home_
page_ strurl - Redirect to this URL when not logged in.
- housekeeping_
enabled bool - Enable or disable Git housekeeping. If enabled, requires either housekeepingoptimizerepositoryperiod OR housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod. Options housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod are deprecated. Use housekeepingoptimizerepositoryperiod instead.
- housekeeping_
full_ intrepack_ period - Number of Git pushes after which an incremental git repack is run.
- housekeeping_
gc_ intperiod - Number of Git pushes after which git gc is run.
- housekeeping_
incremental_ intrepack_ period - Number of Git pushes after which an incremental git repack is run.
- housekeeping_
optimize_ intrepository_ period - Number of Git pushes after which an incremental git repack is run.
- html_
emails_ boolenabled - Enable HTML emails.
- import_
sources Sequence[str] - Sources to allow project import from. Valid values are:
github,bitbucket,bitbucket_server,fogbugz,git,gitlab.Project,gitea,manifest - in_
product_ boolmarketing_ emails_ enabled - Enable in-product marketing emails.
- inactive_
projects_ intdelete_ after_ months - If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- inactive_
projects_ intmin_ size_ mb - If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- inactive_
projects_ intsend_ warning_ email_ after_ months - If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- invisible_
captcha_ boolenabled - Enable Invisible CAPTCHA spam detection during sign-up.
- issues_
create_ intlimit - Max number of issue creation requests per minute per user.
- keep_
latest_ boolartifact - Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
- local_
markdown_ intversion - Increase this value when any cached Markdown should be invalidated.
- mailgun_
events_ boolenabled - Enable Mailgun event receiver.
- mailgun_
signing_ strkey - The Mailgun HTTP webhook signing key for receiving events from webhook.
- maintenance_
mode bool - When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
- maintenance_
mode_ strmessage - Message displayed when instance is in maintenance mode.
- max_
artifacts_ intsize - Maximum artifacts size in MB.
- max_
attachment_ intsize - Limit attachment size in MB.
- max_
export_ intsize - Maximum export size in MB. 0 for unlimited.
- max_
import_ intsize - Maximum import size in MB. 0 for unlimited.
- max_
number_ intof_ repository_ downloads - Maximum number of unique repositories a user can download in the specified time period before they are banned. Maximum: 10,000 repositories. Introduced in GitLab 15.1.
- max_
number_ intof_ repository_ downloads_ within_ time_ period - Reporting time period (in seconds). Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
- max_
pages_ intsize - Maximum size of pages repositories in MB.
- max_
personal_ intaccess_ token_ lifetime - Maximum allowable lifetime for access tokens in days.
- max_
ssh_ intkey_ lifetime - Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
- max_
terraform_ intstate_ size_ bytes - metrics_
method_ intcall_ threshold - A method call is only tracked when it takes longer than the given amount of milliseconds.
- minimum_
password_ intlength - Indicates whether passwords require a minimum length. Introduced in GitLab 15.1. Premium and Ultimate only.
- mirror_
available bool - Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
- mirror_
capacity_ intthreshold - Minimum capacity to be available before scheduling more mirrors preemptively.
- mirror_
max_ intcapacity - Maximum number of mirrors that can be synchronizing at the same time.
- mirror_
max_ intdelay - Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
- npm_
package_ boolrequests_ forwarding - Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
- outbound_
local_ Sequence[str]requests_ whitelists - Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
- package_
registry_ intcleanup_ policies_ worker_ capacity - Number of workers assigned to the packages cleanup policies.
- pages_
domain_ boolverification_ enabled - Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
- password_
authentication_ boolenabled_ for_ git - Enable authentication for Git over HTTP(S) via a GitLab account password.
- password_
authentication_ boolenabled_ for_ web - Enable authentication for the web interface via a GitLab account password.
- password_
lowercase_ boolrequired - Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
- password_
number_ boolrequired - Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
- password_
symbol_ boolrequired - Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
- password_
uppercase_ boolrequired - Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
- performance_
bar_ strallowed_ group_ path - Path of the group that is allowed to toggle the performance bar.
- personal_
access_ strtoken_ prefix - Prefix for all generated personal access tokens.
- pipeline_
limit_ intper_ project_ user_ sha - Maximum number of pipeline creation requests per minute per user and commit.
- plantuml_
enabled bool - (If enabled, requires: plantuml_url) Enable PlantUML integration.
- plantuml_
url str - The PlantUML instance URL for integration.
- polling_
interval_ floatmultiplier - Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
- project_
export_ boolenabled - Enable project export.
- prometheus_
metrics_ boolenabled - Enable Prometheus metrics.
- protected_
ci_ boolvariables - CI/CD variables are protected by default.
- push_
event_ intactivities_ limit - Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
- push_
event_ inthooks_ limit - Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
- pypi_
package_ boolrequests_ forwarding - Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
- rate_
limiting_ strresponse_ text - When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
- raw_
blob_ intrequest_ limit - Max number of requests per minute for each raw path. To disable throttling set to 0.
- recaptcha_
enabled bool - (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
- recaptcha_
private_ strkey - Private key for reCAPTCHA.
- recaptcha_
site_ strkey - Site key for reCAPTCHA.
- receive_
max_ intinput_ size - Maximum push size (MB).
- repository_
checks_ boolenabled - GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
- repository_
size_ intlimit - Size limit per repository (MB).
- repository_
storages Sequence[str] - (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
- repository_
storages_ Mapping[str, int]weighted - (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
- require_
admin_ boolapproval_ after_ user_ signup - When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
- require_
two_ boolfactor_ authentication - (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
- restricted_
visibility_ Sequence[str]levels - Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Null means there is no restriction.
- rsa_
key_ intrestriction - The minimum allowed bit length of an uploaded RSA key. 0 means no restriction. -1 disables RSA keys.
- search_
rate_ intlimit - Max number of requests per minute for performing a search while authenticated. To disable throttling set to 0.
- search_
rate_ intlimit_ unauthenticated - Max number of requests per minute for performing a search while unauthenticated. To disable throttling set to 0.
- send_
user_ boolconfirmation_ email - Send confirmation email on sign-up.
- session_
expire_ intdelay - Session duration in minutes. GitLab restart is required to apply changes.
- bool
- (If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
- int
- Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
- str
- Shared runners text.
- sidekiq_
job_ intlimiter_ compression_ threshold_ bytes - The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis.
- sidekiq_
job_ intlimiter_ limit_ bytes - The threshold in bytes at which Sidekiq jobs are rejected. 0 means do not reject any job.
- sidekiq_
job_ strlimiter_ mode - track or compress. Sets the behavior for Sidekiq job size limits.
- sign_
in_ strtext - Text on the login page.
- signup_
enabled bool - Enable registration.
- slack_
app_ boolenabled - (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
- slack_
app_ strid - The app ID of the Slack-app.
- slack_
app_ strsecret - The app secret of the Slack-app.
- slack_
app_ strsigning_ secret - The signing secret of the Slack-app.
- slack_
app_ strverification_ token - The verification token of the Slack-app.
- snippet_
size_ intlimit - Max snippet content size in bytes.
- snowplow_
app_ strid - The Snowplow site name / application ID. (for example, gitlab)
- snowplow_
collector_ strhostname - The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
- str
- The Snowplow cookie domain. (for example, .gitlab.com)
- snowplow_
enabled bool - Enable snowplow tracking.
- sourcegraph_
enabled bool - Enables Sourcegraph integration. If enabled, requires sourcegraph_url.
- sourcegraph_
public_ boolonly - Blocks Sourcegraph from being loaded on private and internal projects.
- sourcegraph_
url str - The Sourcegraph instance URL for integration.
- spam_
check_ strapi_ key - API key used by GitLab for accessing the Spam Check service endpoint.
- spam_
check_ boolendpoint_ enabled - Enables spam checking using external Spam Check API endpoint.
- spam_
check_ strendpoint_ url - URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
- suggest_
pipeline_ boolenabled - Enable pipeline suggestion banner.
- terminal_
max_ intsession_ time - Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
- terms str
- (Required by: enforce_terms) Markdown content for the ToS.
- throttle_
authenticated_ boolapi_ enabled - (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle_
authenticated_ intapi_ period_ in_ seconds - Rate limit period (in seconds).
- throttle_
authenticated_ intapi_ requests_ per_ period - Maximum requests per period per user.
- throttle_
authenticated_ boolpackages_ api_ enabled - (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- throttle_
authenticated_ intpackages_ api_ period_ in_ seconds - Rate limit period (in seconds). View Package Registry rate limits for more details.
- throttle_
authenticated_ intpackages_ api_ requests_ per_ period - Maximum requests per period per user. View Package Registry rate limits for more details.
- throttle_
authenticated_ boolweb_ enabled - (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle_
authenticated_ intweb_ period_ in_ seconds - Rate limit period (in seconds).
- throttle_
authenticated_ intweb_ requests_ per_ period - Maximum requests per period per user.
- throttle_
unauthenticated_ boolapi_ enabled - (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle_
unauthenticated_ intapi_ period_ in_ seconds - Rate limit period in seconds.
- throttle_
unauthenticated_ intapi_ requests_ per_ period - Max requests per period per IP.
- throttle_
unauthenticated_ boolpackages_ api_ enabled - (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- throttle_
unauthenticated_ intpackages_ api_ period_ in_ seconds - Rate limit period (in seconds). View Package Registry rate limits for more details.
- throttle_
unauthenticated_ intpackages_ api_ requests_ per_ period - Maximum requests per period per user. View Package Registry rate limits for more details.
- throttle_
unauthenticated_ boolweb_ enabled - (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle_
unauthenticated_ intweb_ period_ in_ seconds - Rate limit period in seconds.
- throttle_
unauthenticated_ intweb_ requests_ per_ period - Max requests per period per IP.
- time_
tracking_ boollimit_ to_ hours - Limit display of time tracking units to hours.
- two_
factor_ intgrace_ period - Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
- unique_
ips_ boollimit_ enabled - (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
- unique_
ips_ intlimit_ per_ user - Maximum number of IPs per user.
- unique_
ips_ intlimit_ time_ window - How many seconds an IP is counted towards the limit.
- usage_
ping_ boolenabled - Every week GitLab reports license usage back to GitLab, Inc.
- user_
deactivation_ boolemails_ enabled - Send an email to users upon account deactivation.
- user_
default_ boolexternal - Newly registered users are external by default.
- user_
default_ strinternal_ regex - Specify an email address regex pattern to identify default internal users.
- user_
oauth_ boolapplications - Allow users to register any application to use GitLab as an OAuth provider.
- user_
show_ booladd_ ssh_ key_ message - When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
- version_
check_ boolenabled - Let GitLab inform you when an update is available.
- web_
ide_ boolclientside_ preview_ enabled - Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
- whats_
new_ strvariant - What’s new variant, possible values: alltiers, currenttier, and disabled.
- wiki_
page_ intmax_ content_ bytes - Maximum wiki page content size in bytes. The minimum value is 1024 bytes.
- abuse
Notification StringEmail - If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
- admin
Mode Boolean - Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
- after
Sign StringOut Path - Where to redirect users after logout.
- after
Sign StringUp Text - Text shown to the user after signing up.
- String
- API key for Akismet spam protection.
- Boolean
- (If enabled, requires: akismetapikey) Enable or disable Akismet spam protection.
- allow
Account BooleanDeletion - Set to true to allow users to delete their accounts. Premium and Ultimate only.
- allow
Group BooleanOwners To Manage Ldap - Set to true to allow group owners to manage LDAP.
- allow
Local BooleanRequests From System Hooks - Allow requests to the local network from system hooks.
- allow
Local BooleanRequests From Web Hooks And Services - Allow requests to the local network from web hooks and services.
- allow
Project BooleanCreation For Guest And Below - Indicates whether users assigned up to the Guest role can create groups and personal projects.
- allow
Runner BooleanRegistration Token - Allow using a registration token to create a runner.
- archive
Builds StringIn Human Readable - Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
- asciidoc
Max NumberIncludes - Maximum limit of AsciiDoc include directives being processed in any one document. Maximum: 64.
- asset
Proxy List<String>Allowlists - Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
- asset
Proxy BooleanEnabled - (If enabled, requires: assetproxyurl) Enable proxying of assets. GitLab restart is required to apply changes.
- asset
Proxy StringSecret Key - Shared secret with the asset proxy server. GitLab restart is required to apply changes.
- asset
Proxy StringUrl - URL of the asset proxy server. GitLab restart is required to apply changes.
- Boolean
- By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
- auto
Ban BooleanUser On Excessive Projects Download - When enabled, users will get automatically banned from the application when they download more than the maximum number of unique projects in the time period specified by maxnumberofrepositorydownloads and maxnumberofrepositorydownloadswithintime_period respectively. Introduced in GitLab 15.4. Self-managed, Ultimate only.
- auto
Devops StringDomain - Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
- auto
Devops BooleanEnabled - Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
- automatic
Purchased BooleanStorage Allocation - Enabling this permits automatic allocation of purchased storage in a namespace.
- bulk
Import NumberConcurrent Pipeline Batch Limit - Maximum simultaneous Direct Transfer batches to process.
- bulk
Import BooleanEnabled - Enable migrating GitLab groups by direct transfer. Introduced in GitLab 15.8.
- bulk
Import NumberMax Download File Size - Maximum download file size when importing from source GitLab instances by direct transfer. Introduced in GitLab 16.3.
- can
Create BooleanGroup - Indicates whether users can create top-level groups. Introduced in GitLab 15.5.
- check
Namespace BooleanPlan - Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
- ci
Max NumberIncludes - The maximum number of includes per pipeline.
- ci
Max NumberTotal Yaml Size Bytes - The maximum amount of memory, in bytes, that can be allocated for the pipeline configuration, with all included YAML configuration files.
- commit
Email StringHostname - Custom hostname (for private commit emails).
- concurrent
Bitbucket NumberImport Jobs Limit - Maximum number of simultaneous import jobs for the Bitbucket Cloud importer. Introduced in GitLab 16.11.
- concurrent
Bitbucket NumberServer Import Jobs Limit - Maximum number of simultaneous import jobs for the Bitbucket Server importer. Introduced in GitLab 16.11.
- concurrent
Github NumberImport Jobs Limit - Maximum number of simultaneous import jobs for the GitHub importer. Introduced in GitLab 16.11.
- container
Expiration BooleanPolicies Enable Historic Entries - Enable cleanup policies for all projects.
- Number
- The maximum number of tags that can be deleted in a single execution of cleanup policies.
- Number
- The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
- container
Registry BooleanExpiration Policies Caching - Caching during the execution of cleanup policies.
- container
Registry NumberExpiration Policies Worker Capacity - Number of workers for cleanup policies.
- container
Registry NumberToken Expire Delay - Container Registry token duration in minutes.
- deactivate
Dormant BooleanUsers - Enable automatic deactivation of dormant users.
- deactivate
Dormant NumberUsers Period - Length of time (in days) after which a user is considered dormant. Introduced in GitLab 15.3.
- decompress
Archive NumberFile Timeout - Default timeout for decompressing archived files, in seconds. Set to 0 to disable timeouts. Introduced in GitLab 16.4.
- default
Artifacts StringExpire In - Set the default expiration time for each job’s artifacts.
- default
Branch StringName - Instance-level custom initial branch name (introduced in GitLab 13.2).
- default
Branch NumberProtection - Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
- default
Branch Property MapProtection Defaults - The defaultbranchprotection*defaults attribute describes the default branch protection defaults. All parameters are optional.
- default
Ci StringConfig Path - Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
- default
Group StringVisibility - What visibility level new groups receive. Can take private, internal and public as a parameter.
- default
Preferred StringLanguage - Default preferred language for users who are not logged in.
- default
Project NumberCreation - Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers).
- default
Project StringVisibility - What visibility level new projects receive. Can take private, internal and public as a parameter.
- default
Projects NumberLimit - Project limit per user.
- default
Snippet StringVisibility - What visibility level new snippets receive. Can take private, internal and public as a parameter.
- default
Syntax NumberHighlighting Theme - Default syntax highlighting theme for users who are new or not signed in. See IDs of available themes (https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/themes.rb#L16)
- delete
Inactive BooleanProjects - Enable inactive project deletion feature. Introduced in GitLab 14.10. Became operational in GitLab 15.0 (with feature flag inactiveprojectsdeletion).
- delete
Unconfirmed BooleanUsers - Specifies whether users who have not confirmed their email should be deleted. When set to true, unconfirmed users are deleted after unconfirmedusersdeleteafterdays days. Introduced in GitLab 16.1. Self-managed, Premium and Ultimate only.
- deletion
Adjourned NumberPeriod - The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90.
- diagramsnet
Enabled Boolean - (If enabled, requires diagramsnet_url) Enable Diagrams.net integration.
- diagramsnet
Url String - The Diagrams.net instance URL for integration.
- diff
Max NumberFiles - Maximum files in a diff.
- diff
Max NumberLines - Maximum lines in a diff.
- diff
Max NumberPatch Bytes - Maximum diff patch size, in bytes.
- disable
Admin BooleanOauth Scopes - Stops administrators from connecting their GitLab accounts to non-trusted OAuth 2.0 applications that have the api, readapi, readrepository, writerepository, readregistry, write_registry, or sudo scopes. Introduced in GitLab 15.6.
- disable
Feed BooleanToken - Disable display of RSS/Atom and calendar feed tokens (introduced in GitLab 13.7).
- disable
Personal BooleanAccess Tokens - Disable personal access tokens. Introduced in GitLab 15.7. Self-managed, Premium and Ultimate only. There is no method available to enable a personal access token that’s been disabled through the API. This is a known issue.
- disabled
Oauth List<String>Sign In Sources - Disabled OAuth sign-in sources.
- dns
Rebinding BooleanProtection Enabled - Enforce DNS rebinding attack protection.
- domain
Allowlists List<String> - Force people to use only corporate emails for sign-up. Null means there is no restriction.
- domain
Denylist BooleanEnabled - (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
- domain
Denylists List<String> - Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. Ex: domain.com, *.domain.com.
- downstream
Pipeline NumberTrigger Limit Per Project User Sha - Maximum downstream pipeline trigger rate. Introduced in GitLab 16.10.
- dsa
Key NumberRestriction - The minimum allowed bit length of an uploaded DSA key. 0 means no restriction. -1 disables DSA keys.
- duo
Features BooleanEnabled - Indicates whether GitLab Duo features are enabled for this instance. Introduced in GitLab 16.10. Self-managed, Premium and Ultimate only.
- ecdsa
Key NumberRestriction - The minimum allowed curve size (in bits) of an uploaded ECDSA key. 0 means no restriction. -1 disables ECDSA keys.
- ecdsa
Sk NumberKey Restriction - The minimum allowed curve size (in bits) of an uploaded ECDSASK key. 0 means no restriction. -1 disables ECDSASK keys.
- ed25519Key
Restriction Number - The minimum allowed curve size (in bits) of an uploaded ED25519 key. 0 means no restriction. -1 disables ED25519 keys.
- ed25519Sk
Key NumberRestriction - The minimum allowed curve size (in bits) of an uploaded ED25519SK key. 0 means no restriction. -1 disables ED25519SK keys.
- eks
Access StringKey Id - AWS IAM access key ID.
- eks
Account StringId - Amazon account ID.
- eks
Integration BooleanEnabled - Enable integration with Amazon EKS.
- eks
Secret StringAccess Key - AWS IAM secret access key.
- elasticsearch
Aws Boolean - Enable the use of AWS hosted Elasticsearch.
- elasticsearch
Aws StringAccess Key - AWS IAM access key.
- elasticsearch
Aws StringRegion - The AWS region the Elasticsearch domain is configured.
- elasticsearch
Aws StringSecret Access Key - AWS IAM secret access key.
- elasticsearch
Indexed NumberField Length Limit - Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
- elasticsearch
Indexed NumberFile Size Limit Kb - Maximum size of repository and wiki files that are indexed by Elasticsearch.
- elasticsearch
Indexing Boolean - Enable Elasticsearch indexing.
- elasticsearch
Limit BooleanIndexing - Limit Elasticsearch to index certain namespaces and projects.
- elasticsearch
Max NumberBulk Concurrency - Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
- elasticsearch
Max NumberBulk Size Mb - Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
- elasticsearch
Namespace List<Number>Ids - The namespaces to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- elasticsearch
Password String - The password of your Elasticsearch instance.
- elasticsearch
Project List<Number>Ids - The projects to index via Elasticsearch if elasticsearchlimitindexing is enabled.
- elasticsearch
Search Boolean - Enable Elasticsearch search.
- elasticsearch
Urls List<String> - The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201).
- elasticsearch
Username String - The username of your Elasticsearch instance.
- email
Additional StringText - Additional text added to the bottom of every email for legal/auditing/compliance reasons.
- Boolean
- Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
- enabled
Git StringAccess Protocol - Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
- enforce
Namespace BooleanStorage Limit - Enabling this permits enforcement of namespace storage limits.
- enforce
Terms Boolean - (If enabled, requires: terms) Enforce application ToS to all users.
- external
Auth StringClient Cert - (If enabled, requires: externalauthclient_key) The certificate to use to authenticate with the external authorization service.
- external
Auth StringClient Key - Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
- external
Auth StringClient Key Pass - Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
- String
- The default classification label to use when requesting authorization and no classification label has been specified on the project.
- Boolean
- (If enabled, requires: externalauthorizationservicedefaultlabel, externalauthorizationservicetimeout and externalauthorizationserviceurl) Enable using an external authorization service for accessing projects.
- Number
- The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
- String
- URL to which authorization requests are directed.
- external
Pipeline NumberValidation Service Timeout - How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
- external
Pipeline StringValidation Service Token - Optional. Token to include as the X-Gitlab-Token header in requests to the URL in externalpipelinevalidationserviceurl.
- external
Pipeline StringValidation Service Url - URL to use for pipeline validation requests.
- file
Template NumberProject Id - The ID of a project to load custom file templates from.
- first
Day NumberOf Week - Start day of the week for calendar views and date pickers. Valid values are 0 for Sunday, 1 for Monday, and 6 for Saturday.
- geo
Node StringAllowed Ips - Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
- geo
Status NumberTimeout - The amount of seconds after which a request to get a secondary node status times out.
- git
Rate List<String>Limit Users Allowlists - List of usernames excluded from Git anti-abuse rate limits. Maximum: 100 usernames. Introduced in GitLab 15.2.
- git
Two NumberFactor Session Expiry - Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
- gitaly
Timeout NumberDefault - Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
- gitaly
Timeout NumberFast - Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
- gitaly
Timeout NumberMedium - Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
- grafana
Enabled Boolean - Enable Grafana.
- grafana
Url String - Grafana URL.
- gravatar
Enabled Boolean - Enable Gravatar.
- group
Owners BooleanCan Manage Default Branch Protection - Prevent overrides of default branch protection.
- hashed
Storage BooleanEnabled - Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0).
- help
Page BooleanHide Commercial Content - Hide marketing-related entries from help.
- help
Page StringSupport Url - Alternate support URL for help page and help dropdown.
- help
Page StringText - Custom text displayed on the help page.
- help
Text String - GitLab server administrator information.
- hide
Third BooleanParty Offers - Do not display offers from third parties in GitLab.
- home
Page StringUrl - Redirect to this URL when not logged in.
- housekeeping
Enabled Boolean - Enable or disable Git housekeeping. If enabled, requires either housekeepingoptimizerepositoryperiod OR housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod. Options housekeepingbitmapsenabled, housekeepingfullrepackperiod, housekeepinggcperiod, and housekeepingincrementalrepackperiod are deprecated. Use housekeepingoptimizerepositoryperiod instead.
- housekeeping
Full NumberRepack Period - Number of Git pushes after which an incremental git repack is run.
- housekeeping
Gc NumberPeriod - Number of Git pushes after which git gc is run.
- housekeeping
Incremental NumberRepack Period - Number of Git pushes after which an incremental git repack is run.
- housekeeping
Optimize NumberRepository Period - Number of Git pushes after which an incremental git repack is run.
- html
Emails BooleanEnabled - Enable HTML emails.
- import
Sources List<String> - Sources to allow project import from. Valid values are:
github,bitbucket,bitbucket_server,fogbugz,git,gitlab.Project,gitea,manifest - in
Product BooleanMarketing Emails Enabled - Enable in-product marketing emails.
- inactive
Projects NumberDelete After Months - If deleteinactiveprojects is true, the time (in months) to wait before deleting inactive projects. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- inactive
Projects NumberMin Size Mb - If deleteinactiveprojects is true, the minimum repository size for projects to be checked for inactivity. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- inactive
Projects NumberSend Warning Email After Months - If deleteinactiveprojects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
- invisible
Captcha BooleanEnabled - Enable Invisible CAPTCHA spam detection during sign-up.
- issues
Create NumberLimit - Max number of issue creation requests per minute per user.
- keep
Latest BooleanArtifact - Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time.
- local
Markdown NumberVersion - Increase this value when any cached Markdown should be invalidated.
- mailgun
Events BooleanEnabled - Enable Mailgun event receiver.
- mailgun
Signing StringKey - The Mailgun HTTP webhook signing key for receiving events from webhook.
- maintenance
Mode Boolean - When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
- maintenance
Mode StringMessage - Message displayed when instance is in maintenance mode.
- max
Artifacts NumberSize - Maximum artifacts size in MB.
- max
Attachment NumberSize - Limit attachment size in MB.
- max
Export NumberSize - Maximum export size in MB. 0 for unlimited.
- max
Import NumberSize - Maximum import size in MB. 0 for unlimited.
- max
Number NumberOf Repository Downloads - Maximum number of unique repositories a user can download in the specified time period before they are banned. Maximum: 10,000 repositories. Introduced in GitLab 15.1.
- max
Number NumberOf Repository Downloads Within Time Period - Reporting time period (in seconds). Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
- max
Pages NumberSize - Maximum size of pages repositories in MB.
- max
Personal NumberAccess Token Lifetime - Maximum allowable lifetime for access tokens in days.
- max
Ssh NumberKey Lifetime - Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
- max
Terraform NumberState Size Bytes - metrics
Method NumberCall Threshold - A method call is only tracked when it takes longer than the given amount of milliseconds.
- minimum
Password NumberLength - Indicates whether passwords require a minimum length. Introduced in GitLab 15.1. Premium and Ultimate only.
- mirror
Available Boolean - Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
- mirror
Capacity NumberThreshold - Minimum capacity to be available before scheduling more mirrors preemptively.
- mirror
Max NumberCapacity - Maximum number of mirrors that can be synchronizing at the same time.
- mirror
Max NumberDelay - Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
- npm
Package BooleanRequests Forwarding - Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
- outbound
Local List<String>Requests Whitelists - Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for hooks and services are disabled.
- package
Registry NumberCleanup Policies Worker Capacity - Number of workers assigned to the packages cleanup policies.
- pages
Domain BooleanVerification Enabled - Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
- password
Authentication BooleanEnabled For Git - Enable authentication for Git over HTTP(S) via a GitLab account password.
- password
Authentication BooleanEnabled For Web - Enable authentication for the web interface via a GitLab account password.
- password
Lowercase BooleanRequired - Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
- password
Number BooleanRequired - Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
- password
Symbol BooleanRequired - Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
- password
Uppercase BooleanRequired - Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
- performance
Bar StringAllowed Group Path - Path of the group that is allowed to toggle the performance bar.
- personal
Access StringToken Prefix - Prefix for all generated personal access tokens.
- pipeline
Limit NumberPer Project User Sha - Maximum number of pipeline creation requests per minute per user and commit.
- plantuml
Enabled Boolean - (If enabled, requires: plantuml_url) Enable PlantUML integration.
- plantuml
Url String - The PlantUML instance URL for integration.
- polling
Interval NumberMultiplier - Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
- project
Export BooleanEnabled - Enable project export.
- prometheus
Metrics BooleanEnabled - Enable Prometheus metrics.
- protected
Ci BooleanVariables - CI/CD variables are protected by default.
- push
Event NumberActivities Limit - Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
- push
Event NumberHooks Limit - Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
- pypi
Package BooleanRequests Forwarding - Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
- rate
Limiting StringResponse Text - When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
- raw
Blob NumberRequest Limit - Max number of requests per minute for each raw path. To disable throttling set to 0.
- recaptcha
Enabled Boolean - (If enabled, requires: recaptchaprivatekey and recaptchasitekey) Enable reCAPTCHA.
- recaptcha
Private StringKey - Private key for reCAPTCHA.
- recaptcha
Site StringKey - Site key for reCAPTCHA.
- receive
Max NumberInput Size - Maximum push size (MB).
- repository
Checks BooleanEnabled - GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
- repository
Size NumberLimit - Size limit per repository (MB).
- repository
Storages List<String> - (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
- repository
Storages Map<Number>Weighted - (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
- require
Admin BooleanApproval After User Signup - When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
- require
Two BooleanFactor Authentication - (If enabled, requires: twofactorgrace_period) Require all users to set up Two-factor authentication.
- restricted
Visibility List<String>Levels - Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Null means there is no restriction.
- rsa
Key NumberRestriction - The minimum allowed bit length of an uploaded RSA key. 0 means no restriction. -1 disables RSA keys.
- search
Rate NumberLimit - Max number of requests per minute for performing a search while authenticated. To disable throttling set to 0.
- search
Rate NumberLimit Unauthenticated - Max number of requests per minute for performing a search while unauthenticated. To disable throttling set to 0.
- send
User BooleanConfirmation Email - Send confirmation email on sign-up.
- session
Expire NumberDelay - Session duration in minutes. GitLab restart is required to apply changes.
- Boolean
- (If enabled, requires: sharedrunnerstext and sharedrunnersminutes) Enable shared runners for new projects.
- Number
- Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
- String
- Shared runners text.
- sidekiq
Job NumberLimiter Compression Threshold Bytes - The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis.
- sidekiq
Job NumberLimiter Limit Bytes - The threshold in bytes at which Sidekiq jobs are rejected. 0 means do not reject any job.
- sidekiq
Job StringLimiter Mode - track or compress. Sets the behavior for Sidekiq job size limits.
- sign
In StringText - Text on the login page.
- signup
Enabled Boolean - Enable registration.
- slack
App BooleanEnabled - (If enabled, requires: slackappid, slackappsecret and slackappsecret) Enable Slack app.
- slack
App StringId - The app ID of the Slack-app.
- slack
App StringSecret - The app secret of the Slack-app.
- slack
App StringSigning Secret - The signing secret of the Slack-app.
- slack
App StringVerification Token - The verification token of the Slack-app.
- snippet
Size NumberLimit - Max snippet content size in bytes.
- snowplow
App StringId - The Snowplow site name / application ID. (for example, gitlab)
- snowplow
Collector StringHostname - The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
- String
- The Snowplow cookie domain. (for example, .gitlab.com)
- snowplow
Enabled Boolean - Enable snowplow tracking.
- sourcegraph
Enabled Boolean - Enables Sourcegraph integration. If enabled, requires sourcegraph_url.
- sourcegraph
Public BooleanOnly - Blocks Sourcegraph from being loaded on private and internal projects.
- sourcegraph
Url String - The Sourcegraph instance URL for integration.
- spam
Check StringApi Key - API key used by GitLab for accessing the Spam Check service endpoint.
- spam
Check BooleanEndpoint Enabled - Enables spam checking using external Spam Check API endpoint.
- spam
Check StringEndpoint Url - URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
- suggest
Pipeline BooleanEnabled - Enable pipeline suggestion banner.
- terminal
Max NumberSession Time - Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
- terms String
- (Required by: enforce_terms) Markdown content for the ToS.
- throttle
Authenticated BooleanApi Enabled - (If enabled, requires: throttleauthenticatedapiperiodinseconds and throttleauthenticatedapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Authenticated NumberApi Period In Seconds - Rate limit period (in seconds).
- throttle
Authenticated NumberApi Requests Per Period - Maximum requests per period per user.
- throttle
Authenticated BooleanPackages Api Enabled - (If enabled, requires: throttleauthenticatedpackagesapiperiodinseconds and throttleauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- throttle
Authenticated NumberPackages Api Period In Seconds - Rate limit period (in seconds). View Package Registry rate limits for more details.
- throttle
Authenticated NumberPackages Api Requests Per Period - Maximum requests per period per user. View Package Registry rate limits for more details.
- throttle
Authenticated BooleanWeb Enabled - (If enabled, requires: throttleauthenticatedwebperiodinseconds and throttleauthenticatedwebrequestsperperiod) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Authenticated NumberWeb Period In Seconds - Rate limit period (in seconds).
- throttle
Authenticated NumberWeb Requests Per Period - Maximum requests per period per user.
- throttle
Unauthenticated BooleanApi Enabled - (If enabled, requires: throttleunauthenticatedapiperiodinseconds and throttleunauthenticatedapirequestsperperiod) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Unauthenticated NumberApi Period In Seconds - Rate limit period in seconds.
- throttle
Unauthenticated NumberApi Requests Per Period - Max requests per period per IP.
- throttle
Unauthenticated BooleanPackages Api Enabled - (If enabled, requires: throttleunauthenticatedpackagesapiperiodinseconds and throttleunauthenticatedpackagesapirequestsperperiod) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
- throttle
Unauthenticated NumberPackages Api Period In Seconds - Rate limit period (in seconds). View Package Registry rate limits for more details.
- throttle
Unauthenticated NumberPackages Api Requests Per Period - Maximum requests per period per user. View Package Registry rate limits for more details.
- throttle
Unauthenticated BooleanWeb Enabled - (If enabled, requires: throttleunauthenticatedwebperiodinseconds and throttleunauthenticatedwebrequestsperperiod) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
- throttle
Unauthenticated NumberWeb Period In Seconds - Rate limit period in seconds.
- throttle
Unauthenticated NumberWeb Requests Per Period - Max requests per period per IP.
- time
Tracking BooleanLimit To Hours - Limit display of time tracking units to hours.
- two
Factor NumberGrace Period - Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
- unique
Ips BooleanLimit Enabled - (If enabled, requires: uniqueipslimitperuser and uniqueipslimittimewindow) Limit sign in from multiple IPs.
- unique
Ips NumberLimit Per User - Maximum number of IPs per user.
- unique
Ips NumberLimit Time Window - How many seconds an IP is counted towards the limit.
- usage
Ping BooleanEnabled - Every week GitLab reports license usage back to GitLab, Inc.
- user
Deactivation BooleanEmails Enabled - Send an email to users upon account deactivation.
- user
Default BooleanExternal - Newly registered users are external by default.
- user
Default StringInternal Regex - Specify an email address regex pattern to identify default internal users.
- user
Oauth BooleanApplications - Allow users to register any application to use GitLab as an OAuth provider.
- user
Show BooleanAdd Ssh Key Message - When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
- version
Check BooleanEnabled - Let GitLab inform you when an update is available.
- web
Ide BooleanClientside Preview Enabled - Live Preview (allow live previews of JavaScript projects in the Web IDE using CodeSandbox Live Preview).
- whats
New StringVariant - What’s new variant, possible values: alltiers, currenttier, and disabled.
- wiki
Page NumberMax Content Bytes - Maximum wiki page content size in bytes. The minimum value is 1024 bytes.
Supporting Types
ApplicationSettingsDefaultBranchProtectionDefaults, ApplicationSettingsDefaultBranchProtectionDefaultsArgs
- Allow
Force boolPush - Allow force push for all users with push access.
- Allowed
To List<object>Merges - An array of access levels allowed to merge. Supports Developer (30) or Maintainer (40).
- Allowed
To List<object>Pushes - An array of access levels allowed to push. Supports Developer (30) or Maintainer (40).
- Developer
Can boolInitial Push - Allow developers to initial push.
- Allow
Force boolPush - Allow force push for all users with push access.
- Allowed
To []interface{}Merges - An array of access levels allowed to merge. Supports Developer (30) or Maintainer (40).
- Allowed
To []interface{}Pushes - An array of access levels allowed to push. Supports Developer (30) or Maintainer (40).
- Developer
Can boolInitial Push - Allow developers to initial push.
- allow
Force BooleanPush - Allow force push for all users with push access.
- allowed
To List<Object>Merges - An array of access levels allowed to merge. Supports Developer (30) or Maintainer (40).
- allowed
To List<Object>Pushes - An array of access levels allowed to push. Supports Developer (30) or Maintainer (40).
- developer
Can BooleanInitial Push - Allow developers to initial push.
- allow
Force booleanPush - Allow force push for all users with push access.
- allowed
To any[]Merges - An array of access levels allowed to merge. Supports Developer (30) or Maintainer (40).
- allowed
To any[]Pushes - An array of access levels allowed to push. Supports Developer (30) or Maintainer (40).
- developer
Can booleanInitial Push - Allow developers to initial push.
- allow_
force_ boolpush - Allow force push for all users with push access.
- allowed_
to_ Sequence[Any]merges - An array of access levels allowed to merge. Supports Developer (30) or Maintainer (40).
- allowed_
to_ Sequence[Any]pushes - An array of access levels allowed to push. Supports Developer (30) or Maintainer (40).
- developer_
can_ boolinitial_ push - Allow developers to initial push.
- allow
Force BooleanPush - Allow force push for all users with push access.
- allowed
To List<Any>Merges - An array of access levels allowed to merge. Supports Developer (30) or Maintainer (40).
- allowed
To List<Any>Pushes - An array of access levels allowed to push. Supports Developer (30) or Maintainer (40).
- developer
Can BooleanInitial Push - Allow developers to initial push.
Package Details
- Repository
- GitLab pulumi/pulumi-gitlab
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
gitlabTerraform Provider.