GitLab

Prerequisites:

Set up and add envars to Infisical Cloud

Standard

Pipeline

Authorize Infisical for GitLab

Generate an Infisical Token for the specific project and environment in Infisical.

Next, create a new variable called INFISICAL_TOKEN with the value set to the token from the previous step in Settings > CI/CD > Variables of your GitLab repository.

Configure Infisical in your pipeline

Edit your .gitlab-ci.yml to include the Infisical CLI installation. This will allow you to use the CLI for fetching and injecting secrets into any script or command within your Gitlab CI/CD process.

Example

image: ubuntu

stages:
  - build
  - test
  - deploy

build-job:
  stage: build
  script:
    - apt update && apt install -y curl
    - curl -1sLf 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' | bash
    - apt-get update && apt-get install -y infisical
    - infisical run -- npm run build

Prerequisites:

Set up and add envars to Infisical Cloud

Standard

Pipeline

Authorize Infisical for GitLab

Generate an Infisical Token for the specific project and environment in Infisical.

Next, create a new variable called INFISICAL_TOKEN with the value set to the token from the previous step in Settings > CI/CD > Variables of your GitLab repository.

Configure Infisical in your pipeline

Example

image: ubuntu

stages:
  - build
  - test
  - deploy

build-job:
  stage: build
  script:
    - apt update && apt install -y curl
    - curl -1sLf 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' | bash
    - apt-get update && apt-get install -y infisical
    - infisical run -- npm run build

Using the GitLab integration on a self-hosted instance of Infisical requires configuring an application in GitLab and registering your instance with it.

If you’re self-hosting Gitlab with custom certificates, you will have to configure your Infisical instance to trust these certificates. To learn how, please follow this guide.

Create an OAuth application in GitLab

Navigate to your user Settings > Applications to create a new GitLab application.

Create the application. As part of the form, set the Redirect URI to https://your-domain.com/integrations/gitlab/oauth2/callback.

If you have a GitLab group, you can create an OAuth application under it in your group Settings > Applications.

Add your OAuth application credentials to Infisical

Obtain the Application ID and Secret for your GitLab application.

Back in your Infisical instance, add two new environment variables for the credentials of your GitLab application:

CLIENT_ID_GITLAB: The Client ID of your GitLab application.
CLIENT_SECRET_GITLAB: The Secret of your GitLab application.

Once added, restart your Infisical instance and use the GitLab integration.

Infrastructure Integrations

App Connections

Secret Syncs

Native Integrations

CI/CD Integrations

Framework Integrations

Build Tool Integrations

Others

Example

Example