Using GitLab SSO on a self-hosted instance of Infisical requires configuring an OAuth application in GitLab and registering your instance with it.

1

Create an OAuth application in GitLab

Navigate to your user Settings > Applications to create a new GitLab application.

sso gitlab config sso gitlab config

Create the application. As part of the form, set the Redirect URI to https://your-domain.com/api/v1/sso/gitlab. Note that only read_user is required as part of the Scopes configuration.

sso gitlab config

If you have a GitLab group, you can create an OAuth application under it in your group Settings > Applications.

2

Add your OAuth application credentials to Infisical

Obtain the Application ID and Secret for your GitLab application.

sso gitlab config

Back in your Infisical instance, make sure to set the following environment variables:

  • CLIENT_ID_GITLAB_LOGIN: The Client ID of your GitLab application.
  • CLIENT_SECRET_GITLAB_LOGIN: The Secret of your GitLab application.
  • (optional) URL_GITLAB_LOGIN: The URL of your self-hosted instance of GitLab where the OAuth application is registered. If no URL is passed in, this will default to https://gitlab.com.
  • AUTH_SECRET: A secret key used for signing and verifying JWT. This can be a random 32-byte base64 string generated with openssl rand -base64 32.
  • SITE_URL: The URL of your self-hosted instance of Infisical - should be an absolute URL including the protocol (e.g. https://app.infisical.com)

Once added, restart your Infisical instance and log in with GitLab.

FAQ

Was this page helpful?

GitHub SSOOkta SAML