GitLab SSO
Learn how to configure GitLab SSO for Infisical.
Using GitLab SSO on a self-hosted instance of Infisical requires configuring an OAuth application in GitLab and registering your instance with it.
Create an OAuth application in GitLab
Navigate to your user Settings > Applications to create a new GitLab application.
Create the application. As part of the form, set the Redirect URI to https://your-domain.com/api/v1/sso/gitlab
.
Note that only read_user
is required as part of the Scopes configuration.
If you have a GitLab group, you can create an OAuth application under it in your group Settings > Applications.
Add your OAuth application credentials to Infisical
Obtain the Application ID and Secret for your GitLab application.
Back in your Infisical instance, make sure to set the following environment variables:
CLIENT_ID_GITLAB_LOGIN
: The Client ID of your GitLab application.CLIENT_SECRET_GITLAB_LOGIN
: The Secret of your GitLab application.- (optional)
URL_GITLAB_LOGIN
: The URL of your self-hosted instance of GitLab where the OAuth application is registered. If no URL is passed in, this will default tohttps://gitlab.com
. AUTH_SECRET
: A secret key used for signing and verifying JWT. This can be a random 32-byte base64 string generated withopenssl rand -base64 32
.SITE_URL
: The URL of your self-hosted instance of Infisical - should be an absolute URL including the protocol (e.g. https://app.infisical.com)
Once added, restart your Infisical instance and log in with GitLab.
FAQ
Was this page helpful?