- Documentation
- Internals
- SDKs
- API Reference
- Changelog
- Contributing
- Blog
- Slack
- GitHub
Getting Started
Guides
- Organization
- Project
- Folders
- Reference and Import Secrets
- Webhooks
- Point-in-Time Recovery
- Secret Versioning
- Audit Logs
- Service token
- IP Allowlisting
- MFA
SSO
Deployment options
- All environment variables
- Configure email service
- Configure Redis
- Configure SSO
- FAQ
- Overview
AWS
Digital Ocean
- Heroku
- Vercel
- Netlify
- Render
- Railway
- Fly.io
- Laravel Forge
- Supabase
- Northflank
- Terraform Cloud
- TeamCity
- Cloudflare Pages
- Checkly
- Qovery
- HashiCorp Vault
- Azure Key Vault
- GCP Secret Manager
- Cloud 66
- Windmill
- GitHub Actions
- GitLab
- CircleCI
- Travis CI
- Bitbucket
- Codefresh
Overview
Platform
Self-host Infisical
Integrations
3rd-party Integrations
GitLab
Usage
Self-Hosted Setup
Prerequisites:
- Set up and add envars to Infisical Cloud
Navigate to your project’s integrations tab
Authorize Infisical for GitLab
Press on the GitLab tile and grant Infisical access to your GitLab account.
If this is your project’s first cloud integration, then you’ll have to grant Infisical access to your project’s environment variables. Although this step breaks E2EE, it’s necessary for Infisical to sync the environment variables to the cloud platform.
Start integration
Select which Infisical environment secrets you want to sync to which GitLab repository and press create integration to start syncing secrets to GitLab.
Note that the GitLab integration supports a few options in the Options tab:
- Secret Prefix: If inputted, the prefix is appended to the front of every secret name prior to being synced.
- Secret Suffix: If inputted, the suffix to appended to the back of every name of every secret prior to being synced.
Setting a secret prefix or suffix ensures that existing secrets in GCP Secret Manager are not overwritten during the sync. As part of this process, Infisical abstains from mutating any secrets in GitLab without the specified prefix or suffix.
Generate service token
Generate an Infisical Token for the specific project and environment in Infisical.
Set the Infisical Token in Gitlab
Create a new variable called INFISICAL_TOKEN with the value set to the token from the previous step in Settings > CI/CD > Variables of your GitLab repository.
Configure Infisical in your pipeline
Edit your .gitlab-ci.yml to include the Infisical CLI installation. This will allow you to use the CLI for fetching and injecting secrets into any script or command within your Gitlab CI/CD process.
Example
image: ubuntu
stages:
- build
- test
- deploy
build-job:
stage: build
script:
- apt update && apt install -y curl
- curl -1sLf 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' | bash
- apt-get update && apt-get install -y infisical
- infisical run -- npm run build