Application settings API

These API calls allow you to read and modify GitLab instance application settings as they appear in /admin/application_settings/general. You must be an administrator to perform this action.

Application settings are subject to caching and may not immediately take effect. By default, GitLab caches application settings for 60 seconds. For information on how to control the application settings cache for an instance, see Application cache interval.

Get current application settings

List the current application settings of the GitLab instance.

GET /application/settings
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/application/settings"

Example response:

{
  "default_projects_limit" : 100000,
  "signup_enabled" : true,
  "id" : 1,
  "default_branch_protection" : 2,
  "default_preferred_language" : "en",
  "restricted_visibility_levels" : [],
  "password_authentication_enabled_for_web" : true,
  "after_sign_out_path" : null,
  "max_attachment_size" : 10,
  "max_export_size": 50,
  "max_import_size": 50,
  "user_oauth_applications" : true,
  "updated_at" : "2016-01-04T15:44:55.176Z",
  "session_expire_delay" : 10080,
  "home_page_url" : null,
  "default_snippet_visibility" : "private",
  "outbound_local_requests_whitelist": [],
  "domain_allowlist" : [],
  "domain_denylist_enabled" : false,
  "domain_denylist" : [],
  "created_at" : "2016-01-04T15:44:55.176Z",
  "default_ci_config_path" : null,
  "default_project_visibility" : "private",
  "default_group_visibility" : "private",
  "gravatar_enabled" : true,
  "sign_in_text" : null,
  "container_expiration_policies_enable_historic_entries": true,
  "container_registry_cleanup_tags_service_max_list_size": 200,
  "container_registry_delete_tags_service_timeout": 250,
  "container_registry_expiration_policies_caching": true,
  "container_registry_expiration_policies_worker_capacity": 4,
  "container_registry_token_expire_delay": 5,
  "repository_storages_weighted": {"default": 100},
  "plantuml_enabled": false,
  "plantuml_url": null,
  "kroki_enabled": false,
  "kroki_url": null,
  "terminal_max_session_time": 0,
  "polling_interval_multiplier": 1.0,
  "rsa_key_restriction": 0,
  "dsa_key_restriction": 0,
  "ecdsa_key_restriction": 0,
  "ed25519_key_restriction": 0,
  "ecdsa_sk_key_restriction": 0,
  "ed25519_sk_key_restriction": 0,
  "first_day_of_week": 0,
  "enforce_terms": true,
  "terms": "Hello world!",
  "performance_bar_allowed_group_id": 42,
  "user_show_add_ssh_key_message": true,
  "local_markdown_version": 0,
  "allow_local_requests_from_hooks_and_services": true,
  "allow_local_requests_from_web_hooks_and_services": true,
  "allow_local_requests_from_system_hooks": false,
  "asset_proxy_enabled": true,
  "asset_proxy_url": "https://assets.example.com",
  "asset_proxy_whitelist": ["example.com", "*.example.com", "your-instance.com"],
  "asset_proxy_allowlist": ["example.com", "*.example.com", "your-instance.com"],
  "maven_package_requests_forwarding": true,
  "npm_package_requests_forwarding": true,
  "pypi_package_requests_forwarding": true,
  "snippet_size_limit": 52428800,
  "issues_create_limit": 300,
  "raw_blob_request_limit": 300,
  "wiki_page_max_content_bytes": 52428800,
  "require_admin_approval_after_user_signup": false,
  "personal_access_token_prefix": "glpat-",
  "rate_limiting_response_text": null,
  "keep_latest_artifact": true,
  "admin_mode": false,
  "floc_enabled": false,
  "external_pipeline_validation_service_timeout": null,
  "external_pipeline_validation_service_token": null,
  "external_pipeline_validation_service_url": null,
  "jira_connect_application_key": null,
  "jira_connect_proxy_url": null,
  "silent_mode_enabled": false
}

Users on GitLab Premium or Ultimate may also see the group_owners_can_manage_default_branch_protection, file_template_project_id, delayed_project_deletion, delayed_group_deletion, deletion_adjourned_period, disable_personal_access_tokens, or the geo_node_allowed_ips parameters:

From GitLab 15.11, with the always_perform_delayed_deletion feature flag enabled, the delayed_project_deletion and delayed_group_deletion attributes will not be exposed. These attributes will be removed in GitLab 16.0.

{
  "id": 1,
  "signup_enabled": true,
  "group_owners_can_manage_default_branch_protection": true,
  "file_template_project_id": 1,
  "geo_node_allowed_ips": "0.0.0.0/0, ::/0",
  "delayed_project_deletion": false,
  "delayed_group_deletion": false,
  "deletion_adjourned_period": 7,
  "disable_personal_access_tokens": false,
  ...
}

Change application settings

Use an API call to modify GitLab instance application settings.

PUT /application/settings
curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/application/settings?signup_enabled=false&default_project_visibility=internal"

Example response:

{
  "id": 1,
  "default_projects_limit": 100000,
  "default_preferred_language": "en",
  "signup_enabled": false,
  "password_authentication_enabled_for_web": true,
  "gravatar_enabled": true,
  "sign_in_text": "",
  "created_at": "2015-06-12T15:51:55.432Z",
  "updated_at": "2015-06-30T13:22:42.210Z",
  "home_page_url": "",
  "default_branch_protection": 2,
  "restricted_visibility_levels": [],
  "max_attachment_size": 10,
  "max_export_size": 50,
  "max_import_size": 50,
  "session_expire_delay": 10080,
  "default_ci_config_path" : null,
  "default_project_visibility": "internal",
  "default_snippet_visibility": "private",
  "default_group_visibility": "private",
  "outbound_local_requests_whitelist": [],
  "domain_allowlist": [],
  "domain_denylist_enabled" : false,
  "domain_denylist" : [],
  "external_authorization_service_enabled": true,
  "external_authorization_service_url": "https://authorize.me",
  "external_authorization_service_default_label": "default",
  "external_authorization_service_timeout": 0.5,
  "user_oauth_applications": true,
  "after_sign_out_path": "",
  "container_expiration_policies_enable_historic_entries": true,
  "container_registry_cleanup_tags_service_max_list_size": 200,
  "container_registry_delete_tags_service_timeout": 250,
  "container_registry_expiration_policies_caching": true,
  "container_registry_expiration_policies_worker_capacity": 4,
  "container_registry_token_expire_delay": 5,
  "package_registry_cleanup_policies_worker_capacity": 2,
  "repository_storages": ["default"],
  "plantuml_enabled": false,
  "plantuml_url": null,
  "terminal_max_session_time": 0,
  "polling_interval_multiplier": 1.0,
  "rsa_key_restriction": 0,
  "dsa_key_restriction": 0,
  "ecdsa_key_restriction": 0,
  "ed25519_key_restriction": 0,
  "ecdsa_sk_key_restriction": 0,
  "ed25519_sk_key_restriction": 0,
  "first_day_of_week": 0,
  "enforce_terms": true,
  "terms": "Hello world!",
  "performance_bar_allowed_group_id": 42,
  "user_show_add_ssh_key_message": true,
  "file_template_project_id": 1,
  "local_markdown_version": 0,
  "asset_proxy_enabled": true,
  "asset_proxy_url": "https://assets.example.com",
  "asset_proxy_allowlist": ["example.com", "*.example.com", "your-instance.com"],
  "geo_node_allowed_ips": "0.0.0.0/0, ::/0",
  "allow_local_requests_from_hooks_and_services": true,
  "allow_local_requests_from_web_hooks_and_services": true,
  "allow_local_requests_from_system_hooks": false,
  "maven_package_requests_forwarding": true,
  "npm_package_requests_forwarding": true,
  "pypi_package_requests_forwarding": true,
  "snippet_size_limit": 52428800,
  "issues_create_limit": 300,
  "raw_blob_request_limit": 300,
  "wiki_page_max_content_bytes": 52428800,
  "require_admin_approval_after_user_signup": false,
  "personal_access_token_prefix": "glpat-",
  "rate_limiting_response_text": null,
  "keep_latest_artifact": true,
  "admin_mode": false,
  "external_pipeline_validation_service_timeout": null,
  "external_pipeline_validation_service_token": null,
  "external_pipeline_validation_service_url": null,
  "can_create_group": false,
  "jira_connect_application_key": "123",
  "jira_connect_proxy_url": "http://gitlab.example.com",
  "user_defaults_to_private_profile": true,
  "projects_api_rate_limit_unauthenticated": 400,
  "silent_mode_enabled": false
}

Users on GitLab Premium or Ultimate may also see these parameters:

  • group_owners_can_manage_default_branch_protection
  • file_template_project_id
  • geo_node_allowed_ips
  • geo_status_timeout
  • delayed_project_deletion
  • delayed_group_deletion
  • deletion_adjourned_period
  • disable_personal_access_tokens

From GitLab 15.11, with the always_perform_delayed_deletion feature flag enabled, the delayed_project_deletion and delayed_group_deletion attributes will not be exposed. These attributes will be removed in GitLab 16.0.

Example responses:

  "file_template_project_id": 1,
  "geo_node_allowed_ips": "0.0.0.0/0, ::/0"

List of settings that can be accessed via API calls

Fields housekeeping_full_repack_period, housekeeping_gc_period, and housekeeping_incremental_repack_period deprecated in GitLab 15.8. Use housekeeping_optimize_repository_period instead.

In general, all settings are optional. Certain settings though, if enabled, require other settings to be set to function properly. These requirements are listed in the descriptions of the relevant settings.

Attribute Type Required Description
admin_mode boolean no Require administrators to enable Admin Mode by re-authenticating for administrative tasks.
admin_notification_email string no Deprecated: Use abuse_notification_email instead. If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
abuse_notification_email string no If set, abuse reports are sent to this address. Abuse reports are always available in the Admin Area.
after_sign_out_path string no Where to redirect users after logout.
after_sign_up_text string no Text shown to the user after signing up.
akismet_api_key string required by: akismet_enabled API key for Akismet spam protection.
akismet_enabled boolean no (If enabled, requires: akismet_api_key) Enable or disable Akismet spam protection.
allow_group_owners_to_manage_ldap boolean no Set to true to allow group owners to manage LDAP.
allow_local_requests_from_hooks_and_services boolean no (Deprecated: Use allow_local_requests_from_web_hooks_and_services instead) Allow requests to the local network from webhooks and integrations.
allow_local_requests_from_system_hooks boolean no Allow requests to the local network from system hooks.
allow_local_requests_from_web_hooks_and_services boolean no Allow requests to the local network from webhooks and integrations.
allow_runner_registration_token boolean no Allow using a registration token to create a runner. Defaults to true.
archive_builds_in_human_readable string no Set the duration for which the jobs are considered as old and expired. After that time passes, the jobs are archived and no longer able to be retried. Make it empty to never expire jobs. It has to be no less than 1 day, for example: 15 days, 1 month, 2 years.
asset_proxy_enabled boolean no (If enabled, requires: asset_proxy_url) Enable proxying of assets. GitLab restart is required to apply changes.
asset_proxy_secret_key string no Shared secret with the asset proxy server. GitLab restart is required to apply changes.
asset_proxy_url string no URL of the asset proxy server. GitLab restart is required to apply changes.
asset_proxy_whitelist string or array of strings no (Deprecated: Use asset_proxy_allowlist instead) Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
asset_proxy_allowlist string or array of strings no Assets that match these domains are not proxied. Wildcards allowed. Your GitLab installation URL is automatically allowlisted. GitLab restart is required to apply changes.
authorized_keys_enabled boolean no By default, we write to the authorized_keys file to support Git over SSH without additional configuration. GitLab can be optimized to authenticate SSH keys via the database file. Only disable this if you have configured your OpenSSH server to use the AuthorizedKeysCommand.
auto_devops_domain string no Specify a domain to use by default for every project’s Auto Review Apps and Auto Deploy stages.
auto_devops_enabled boolean no Enable Auto DevOps for projects by default. It automatically builds, tests, and deploys applications based on a predefined CI/CD configuration.
automatic_purchased_storage_allocation boolean no Enabling this permits automatic allocation of purchased storage in a namespace.
bulk_import_enabled boolean no Enable migrating GitLab groups by direct transfer. Introduced in GitLab 15.8. Setting also available in the Admin Area.
can_create_group boolean no Indicates whether users can create top-level groups. Introduced in GitLab 15.5. Defaults to true.
check_namespace_plan boolean no Enabling this makes only licensed EE features available to projects if the project namespace’s plan includes the feature or if the project is public.
commit_email_hostname string no Custom hostname (for private commit emails).
container_expiration_policies_enable_historic_entries boolean no Enable cleanup policies for all projects.
container_registry_cleanup_tags_service_max_list_size integer no The maximum number of tags that can be deleted in a single execution of cleanup policies.
container_registry_delete_tags_service_timeout integer no The maximum time, in seconds, that the cleanup process can take to delete a batch of tags for cleanup policies.
container_registry_expiration_policies_caching boolean no Caching during the execution of cleanup policies.
container_registry_expiration_policies_worker_capacity integer no Number of workers for cleanup policies.
container_registry_token_expire_delay integer no Container Registry token duration in minutes.
package_registry_cleanup_policies_worker_capacity integer no Number of workers assigned to the packages cleanup policies.
deactivate_dormant_users boolean no Enable automatic deactivation of dormant users.
deactivate_dormant_users_period integer no Length of time (in days) after which a user is considered dormant. Introduced in GitLab 15.3.
default_artifacts_expire_in string no Set the default expiration time for each job’s artifacts.
default_branch_name string no Instance-level custom initial branch name. Introduced in GitLab 13.2.
default_branch_protection integer no Determine if developers can push to the default branch. Can take: 0 (not protected, both users with the Developer role or Maintainer role can push new commits and force push), 1 (partially protected, users with the Developer role or Maintainer role can push new commits, but cannot force push) or 2 (fully protected, users with the Developer or Maintainer role cannot push new commits, but users with the Developer or Maintainer role can; no one can force push) as a parameter. Default is 2.
default_ci_config_path string no Default CI/CD configuration file and path for new projects (.gitlab-ci.yml if not set).
default_group_visibility string no What visibility level new groups receive. Can take private, internal and public as a parameter. Default is private.
default_preferred_language string no Default preferred language for users who are not logged in.
default_project_creation integer no Default project creation protection. Can take: 0 (No one), 1 (Maintainers) or 2 (Developers + Maintainers)
default_project_visibility string no What visibility level new projects receive. Can take private, internal and public as a parameter. Default is private.
default_projects_limit integer no Project limit per user. Default is 100000.
default_snippet_visibility string no What visibility level new snippets receive. Can take private, internal and public as a parameter. Default is private.
default_syntax_highlighting_theme integer no Default syntax highlighting theme for new users and users who are not signed in. See IDs of available themes.
delayed_project_deletion boolean no Enable delayed project deletion by default in new groups. Default is false. From GitLab 15.1, can only be enabled when delayed_group_deletion is true. From GitLab 15.11, with the always_perform_delayed_deletion feature flag enabled, this attribute has been removed. This attribute will be completely removed in GitLab 16.0.
delayed_group_deletion boolean no Enable delayed group deletion. Default is true. Introduced in GitLab 15.0. From GitLab 15.1, disables and locks the group-level setting for delayed protect deletion when set to false. From GitLab 15.11, with the always_perform_delayed_deletion feature flag enabled, this attribute has been removed. This attribute will be completely removed in GitLab 16.0.
deletion_adjourned_period integer no The number of days to wait before deleting a project or group that is marked for deletion. Value must be between 1 and 90. Defaults to 7. From GitLab 15.1, a hook on deletion_adjourned_period sets the period to 1 on every update, and sets both delayed_project_deletion and delayed_group_deletion to false if the period is 0.
diff_max_patch_bytes integer no Maximum diff patch size, in bytes.
diff_max_files integer no Maximum files in a diff.
diff_max_lines integer no Maximum lines in a diff.
disable_admin_oauth_scopes boolean no Stops administrators from connecting their GitLab accounts to non-trusted OAuth 2.0 applications that have the api, read_api, read_repository, write_repository, read_registry, write_registry, or sudo scopes. Introduced in GitLab 15.6.
disable_feed_token boolean no Disable display of RSS/Atom and calendar feed tokens. Introduced in GitLab 13.7.
disable_personal_access_token boolean no Disable personal access tokens. Introduced in GitLab 15.7.
disabled_oauth_sign_in_sources array of strings no Disabled OAuth sign-in sources.
dns_rebinding_protection_enabled boolean no Enforce DNS-rebinding attack protection.
domain_denylist_enabled boolean no (If enabled, requires: domain_denylist) Allows blocking sign-ups from emails from specific domains.
domain_denylist array of strings no Users with email addresses that match these domains cannot sign up. Wildcards allowed. Use separate lines for multiple entries. For example: domain.com, *.domain.com.
domain_allowlist array of strings no Force people to use only corporate emails for sign-up. Default is null, meaning there is no restriction.
dsa_key_restriction integer no The minimum allowed bit length of an uploaded DSA key. Default is 0 (no restriction). -1 disables DSA keys.
ecdsa_key_restriction integer no The minimum allowed curve size (in bits) of an uploaded ECDSA key. Default is 0 (no restriction). -1 disables ECDSA keys.
ecdsa_sk_key_restriction integer no The minimum allowed curve size (in bits) of an uploaded ECDSA_SK key. Default is 0 (no restriction). -1 disables ECDSA_SK keys.
ed25519_key_restriction integer no The minimum allowed curve size (in bits) of an uploaded ED25519 key. Default is 0 (no restriction). -1 disables ED25519 keys.
ed25519_sk_key_restriction integer no The minimum allowed curve size (in bits) of an uploaded ED25519_SK key. Default is 0 (no restriction). -1 disables ED25519_SK keys.
eks_access_key_id string no AWS IAM access key ID.
eks_account_id string no Amazon account ID.
eks_integration_enabled boolean no Enable integration with Amazon EKS.
eks_secret_access_key string no AWS IAM secret access key.
elasticsearch_aws_access_key string no AWS IAM access key.
elasticsearch_aws_region string no The AWS region the Elasticsearch domain is configured.
elasticsearch_aws_secret_access_key string no AWS IAM secret access key.
elasticsearch_aws boolean no Enable the use of AWS hosted Elasticsearch.
elasticsearch_indexed_field_length_limit integer no Maximum size of text fields to index by Elasticsearch. 0 value means no limit. This does not apply to repository and wiki indexing.
elasticsearch_indexed_file_size_limit_kb integer no Maximum size of repository and wiki files that are indexed by Elasticsearch.
elasticsearch_indexing boolean no Enable Elasticsearch indexing.
elasticsearch_limit_indexing boolean no Limit Elasticsearch to index certain namespaces and projects.
elasticsearch_max_bulk_concurrency integer no Maximum concurrency of Elasticsearch bulk requests per indexing operation. This only applies to repository indexing operations.
elasticsearch_max_bulk_size_mb integer no Maximum size of Elasticsearch bulk indexing requests in MB. This only applies to repository indexing operations.
elasticsearch_namespace_ids array of integers no The namespaces to index via Elasticsearch if elasticsearch_limit_indexing is enabled.
elasticsearch_project_ids array of integers no The projects to index via Elasticsearch if elasticsearch_limit_indexing is enabled.
elasticsearch_search boolean no Enable Elasticsearch search.
elasticsearch_url string no The URL to use for connecting to Elasticsearch. Use a comma-separated list to support cluster (for example, http://localhost:9200, http://localhost:9201").
elasticsearch_username string no The username of your Elasticsearch instance.
elasticsearch_password string no The password of your Elasticsearch instance.
email_additional_text string no Additional text added to the bottom of every email for legal/auditing/compliance reasons.
email_author_in_body boolean no Some email servers do not support overriding the email sender name. Enable this option to include the name of the author of the issue, merge request or comment in the email body instead.
email_confirmation_setting string no Specifies whether users must confirm their email before sign in. Possible values are off, soft, and hard.
enabled_git_access_protocol string no Enabled protocols for Git access. Allowed values are: ssh, http, and nil to allow both protocols.
enforce_namespace_storage_limit boolean no Enabling this permits enforcement of namespace storage limits.
enforce_terms boolean no (If enabled, requires: terms) Enforce application ToS to all users.
external_auth_client_cert string no (If enabled, requires: external_auth_client_key) The certificate to use to authenticate with the external authorization service.
external_auth_client_key_pass string no Passphrase to use for the private key when authenticating with the external service this is encrypted when stored.
external_auth_client_key string required by: external_auth_client_cert Private key for the certificate when authentication is required for the external authorization service, this is encrypted when stored.
external_authorization_service_default_label string required by:
external_authorization_service_enabled
The default classification label to use when requesting authorization and no classification label has been specified on the project.
external_authorization_service_enabled boolean no (If enabled, requires: external_authorization_service_default_label, external_authorization_service_timeout and external_authorization_service_url) Enable using an external authorization service for accessing projects.
external_authorization_service_timeout float required by:
external_authorization_service_enabled
The timeout after which an authorization request is aborted, in seconds. When a request times out, access is denied to the user. (min: 0.001, max: 10, step: 0.001).
external_authorization_service_url string required by:
external_authorization_service_enabled
URL to which authorization requests are directed.
external_pipeline_validation_service_url string no URL to use for pipeline validation requests.
external_pipeline_validation_service_token string no Optional. Token to include as the X-Gitlab-Token header in requests to the URL in external_pipeline_validation_service_url.
external_pipeline_validation_service_timeout integer no How long to wait for a response from the pipeline validation service. Assumes OK if it times out.
file_template_project_id integer no The ID of a project to load custom file templates from.
first_day_of_week integer no Start day of the week for calendar views and date pickers. Valid values are 0 (default) for Sunday, 1 for Monday, and 6 for Saturday.
geo_node_allowed_ips string yes Comma-separated list of IPs and CIDRs of allowed secondary nodes. For example, 1.1.1.1, 2.2.2.0/24.
geo_status_timeout integer no The amount of seconds after which a request to get a secondary node status times out.
git_two_factor_session_expiry integer no Maximum duration (in minutes) of a session for Git operations when 2FA is enabled.
gitaly_timeout_default integer no Default Gitaly timeout, in seconds. This timeout is not enforced for Git fetch/push operations or Sidekiq jobs. Set to 0 to disable timeouts.
gitaly_timeout_fast integer no Gitaly fast operation timeout, in seconds. Some Gitaly operations are expected to be fast. If they exceed this threshold, there may be a problem with a storage shard and ‘failing fast’ can help maintain the stability of the GitLab instance. Set to 0 to disable timeouts.
gitaly_timeout_medium integer no Medium Gitaly timeout, in seconds. This should be a value between the Fast and the Default timeout. Set to 0 to disable timeouts.
gitlab_dedicated_instance boolean no Indicates whether the instance was provisioned for GitLab Dedicated.
grafana_enabled boolean no Enable Grafana.
grafana_url string no Grafana URL.
gravatar_enabled boolean no Enable Gravatar.
group_owners_can_manage_default_branch_protection boolean no Prevent overrides of default branch protection.
hashed_storage_enabled boolean no Create new projects using hashed storage paths: Enable immutable, hash-based paths and repository names to store repositories on disk. This prevents repositories from having to be moved or renamed when the Project URL changes and may improve disk I/O performance. (Always enabled in GitLab versions 13.0 and later, configuration is scheduled for removal in 14.0)
help_page_hide_commercial_content boolean no Hide marketing-related entries from help.
help_page_support_url string no Alternate support URL for help page and help dropdown list.
help_page_text string no Custom text displayed on the help page.
help_text string no GitLab server administrator information.
hide_third_party_offers boolean no Do not display offers from third parties in GitLab.
home_page_url string no Redirect to this URL when not logged in.
housekeeping_bitmaps_enabled boolean no Deprecated. Git pack file bitmap creation is always enabled and cannot be changed via API and UI. Always returns true.
housekeeping_enabled boolean no Enable or disable Git housekeeping. Requires additional fields to be set. For more information, see Housekeeping fields.
housekeeping_full_repack_period integer no Deprecated. Number of Git pushes after which an incremental git repack is run. Use housekeeping_optimize_repository_period instead. For more information, see Housekeeping fields.
housekeeping_gc_period integer no Deprecated. Number of Git pushes after which git gc is run. Use housekeeping_optimize_repository_period instead. For more information, see Housekeeping fields.
housekeeping_incremental_repack_period integer no Deprecated. Number of Git pushes after which an incremental git repack is run. Use housekeeping_optimize_repository_period instead. For more information, see Housekeeping fields.
housekeeping_optimize_repository_period integer no Number of Git pushes after which an incremental git repack is run.
html_emails_enabled boolean no Enable HTML emails.
import_sources array of strings no Sources to allow project import from, possible values: github, bitbucket, bitbucket_server, gitlab, fogbugz, git, gitlab_project, gitea, manifest, and phabricator.
in_product_marketing_emails_enabled boolean no Enable in-product marketing emails. Enabled by default.
invisible_captcha_enabled boolean no Enable Invisible CAPTCHA spam detection during sign-up. Disabled by default.
issues_create_limit integer no Max number of issue creation requests per minute per user. Disabled by default.
keep_latest_artifact boolean no Prevent the deletion of the artifacts from the most recent successful jobs, regardless of the expiry time. Enabled by default.
local_markdown_version integer no Increase this value when any cached Markdown should be invalidated.
mailgun_signing_key string no The Mailgun HTTP webhook signing key for receiving events from webhook.
mailgun_events_enabled boolean no Enable Mailgun event receiver.
maintenance_mode_message string no Message displayed when instance is in maintenance mode.
maintenance_mode boolean no When instance is in maintenance mode, non-administrative users can sign in with read-only access and make read-only API requests.
max_artifacts_size integer no Maximum artifacts size in MB.
max_attachment_size integer no Limit attachment size in MB.
max_export_size integer no Maximum export size in MB. 0 for unlimited. Default = 0 (unlimited).
max_import_size integer no Maximum import size in MB. 0 for unlimited. Default = 0 (unlimited). Changed from 50 MB to 0 in GitLab 13.8.
max_pages_size integer no Maximum size of pages repositories in MB.
max_personal_access_token_lifetime integer no Maximum allowable lifetime for access tokens in days.
max_ssh_key_lifetime integer no Maximum allowable lifetime for SSH keys in days. Introduced in GitLab 14.6.
max_terraform_state_size_bytes integer no Maximum size in bytes of the Terraform state files. Set this to 0 for unlimited file size.
metrics_method_call_threshold integer no A method call is only tracked when it takes longer than the given amount of milliseconds.
max_number_of_repository_downloads integer no Maximum number of unique repositories a user can download in the specified time period before they are banned. Default: 0, Maximum: 10,000 repositories. Introduced in GitLab 15.1.
max_number_of_repository_downloads_within_time_period integer no Reporting time period (in seconds). Default: 0, Maximum: 864000 seconds (10 days). Introduced in GitLab 15.1.
git_rate_limit_users_allowlist array of strings no List of usernames excluded from Git anti-abuse rate limits. Default: [], Maximum: 100 usernames. Introduced in GitLab 15.2.
git_rate_limit_users_alertlist array of integers no List of user IDs that are emailed when the Git abuse rate limit is exceeded. Default: [], Maximum: 100 user IDs. Introduced in GitLab 15.9.
auto_ban_user_on_excessive_projects_download boolean no When enabled, users will get automatically banned from the application when they download more than the maximum number of unique projects in the time period specified by max_number_of_repository_downloads and max_number_of_repository_downloads_within_time_period respectively. Introduced in GitLab 15.4
mirror_available boolean no Allow repository mirroring to configured by project Maintainers. If disabled, only Administrators can configure repository mirroring.
mirror_capacity_threshold integer no Minimum capacity to be available before scheduling more mirrors preemptively.
mirror_max_capacity integer no Maximum number of mirrors that can be synchronizing at the same time.
mirror_max_delay integer no Maximum time (in minutes) between updates that a mirror can have when scheduled to synchronize.
maven_package_requests_forwarding boolean no Use repo.maven.apache.org as a default remote repository when the package is not found in the GitLab Package Registry for Maven.
npm_package_requests_forwarding boolean no Use npmjs.org as a default remote repository when the package is not found in the GitLab Package Registry for npm.
pypi_package_requests_forwarding boolean no Use pypi.org as a default remote repository when the package is not found in the GitLab Package Registry for PyPI.
outbound_local_requests_whitelist array of strings no Define a list of trusted domains or IP addresses to which local requests are allowed when local requests for webhooks and integrations are disabled.
pages_domain_verification_enabled boolean no Require users to prove ownership of custom domains. Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled.
password_authentication_enabled_for_git boolean no Enable authentication for Git over HTTP(S) via a GitLab account password. Default is true.
password_authentication_enabled_for_web boolean no Enable authentication for the web interface via a GitLab account password. Default is true.
password_number_required boolean no Indicates whether passwords require at least one number. Introduced in GitLab 15.1.
password_symbol_required boolean no Indicates whether passwords require at least one symbol character. Introduced in GitLab 15.1.
password_uppercase_required boolean no Indicates whether passwords require at least one uppercase letter. Introduced in GitLab 15.1.
password_lowercase_required boolean no Indicates whether passwords require at least one lowercase letter. Introduced in GitLab 15.1.
performance_bar_allowed_group_id string no (Deprecated: Use performance_bar_allowed_group_path instead) Path of the group that is allowed to toggle the performance bar.
performance_bar_allowed_group_path string no Path of the group that is allowed to toggle the performance bar.
performance_bar_enabled boolean no (Deprecated: Pass performance_bar_allowed_group_path: nil instead) Allow enabling the performance bar.
personal_access_token_prefix string no Prefix for all generated personal access tokens.
pipeline_limit_per_project_user_sha integer no Maximum number of pipeline creation requests per minute per user and commit. Disabled by default.
plantuml_enabled boolean no (If enabled, requires: plantuml_url) Enable PlantUML integration. Default is false.
plantuml_url string required by: plantuml_enabled The PlantUML instance URL for integration.
polling_interval_multiplier decimal no Interval multiplier used by endpoints that perform polling. Set to 0 to disable polling.
project_export_enabled boolean no Enable project export.
projects_api_rate_limit_unauthenticated integer no Introduced in GitLab 15.10. Max number of requests per 10 minutes per IP address for unauthenticated requests to the list all projects API. Default: 400. To disable throttling set to 0.
prometheus_metrics_enabled boolean no Enable Prometheus metrics.
protected_ci_variables boolean no CI/CD variables are protected by default.
push_event_activities_limit integer no Number of changes (branches or tags) in a single push to determine whether individual push events or bulk push events are created. Bulk push events are created if it surpasses that value.
push_event_hooks_limit integer no Number of changes (branches or tags) in a single push to determine whether webhooks and services fire or not. Webhooks and services aren’t submitted if it surpasses that value.
rate_limiting_response_text string no When rate limiting is enabled via the throttle_* settings, send this plain text response when a rate limit is exceeded. ‘Retry later’ is sent if this is blank.
raw_blob_request_limit integer no Max number of requests per minute for each raw path. Default: 300. To disable throttling set to 0.
user_email_lookup_limit integer no caution Deprecated in GitLab 14.9 will be removed in 15.0. Replaced by search_rate_limit. Max number of requests per minute for email lookup. Default: 60. To disable throttling set to 0.
search_rate_limit integer no Max number of requests per minute for performing a search while authenticated. Default: 30. To disable throttling set to 0.
search_rate_limit_unauthenticated integer no Max number of requests per minute for performing a search while unauthenticated. Default: 10. To disable throttling set to 0.
recaptcha_enabled boolean no (If enabled, requires: recaptcha_private_key and recaptcha_site_key) Enable reCAPTCHA.
recaptcha_private_key string required by: recaptcha_enabled Private key for reCAPTCHA.
recaptcha_site_key string required by: recaptcha_enabled Site key for reCAPTCHA.
receive_max_input_size integer no Maximum push size (MB).
repository_checks_enabled boolean no GitLab periodically runs git fsck in all project and wiki repositories to look for silent disk corruption issues.
repository_size_limit integer no Size limit per repository (MB)
repository_storages_weighted hash of strings to integers no (GitLab 13.1 and later) Hash of names of taken from gitlab.yml to weights. New projects are created in one of these stores, chosen by a weighted random selection.
repository_storages array of strings no (GitLab 13.0 and earlier) List of names of enabled storage paths, taken from gitlab.yml. New projects are created in one of these stores, chosen at random.
require_admin_approval_after_user_signup boolean no When enabled, any user that signs up for an account using the registration form is placed under a Pending approval state and has to be explicitly approved by an administrator.
require_two_factor_authentication boolean no (If enabled, requires: two_factor_grace_period) Require all users to set up Two-factor authentication.
restricted_visibility_levels array of strings no Selected levels cannot be used by non-Administrator users for groups, projects or snippets. Can take private, internal and public as a parameter. Default is null which means there is no restriction.
rsa_key_restriction integer no The minimum allowed bit length of an uploaded RSA key. Default is 0 (no restriction). -1 disables RSA keys.
session_expire_delay integer no Session duration in minutes. GitLab restart is required to apply changes.
shared_runners_enabled boolean no (If enabled, requires: shared_runners_text and shared_runners_minutes) Enable shared runners for new projects.
shared_runners_minutes integer required by: shared_runners_enabled Set the maximum number of CI/CD minutes that a group can use on shared runners per month.
shared_runners_text string required by: shared_runners_enabled Shared runners text.
sidekiq_job_limiter_mode string no track or compress. Sets the behavior for Sidekiq job size limits. Default: ‘compress’.
sidekiq_job_limiter_compression_threshold_bytes integer no The threshold in bytes at which Sidekiq jobs are compressed before being stored in Redis. Default: 100,000 bytes (100 KB).
sidekiq_job_limiter_limit_bytes integer no The threshold in bytes at which Sidekiq jobs are rejected. Default: 0 bytes (doesn’t reject any job).
sign_in_text string no Text on the login page.
signin_enabled string no (Deprecated: Use password_authentication_enabled_for_web instead) Flag indicating if password authentication is enabled for the web interface.
signup_enabled boolean no Enable registration. Default is true.
silent_mode_enabled boolean no Enable Silent mode. Default is false.
slack_app_enabled boolean no (If enabled, requires: slack_app_id, slack_app_secret and slack_app_secret) Enable Slack app.
slack_app_id string required by: slack_app_enabled The app ID of the Slack-app.
slack_app_secret string required by: slack_app_enabled The app secret of the Slack-app.
slack_app_signing_secret string no The signing secret of the Slack-app.
slack_app_verification_token string required by: slack_app_enabled The verification token of the Slack-app.
snippet_size_limit integer no Max snippet content size in bytes. Default: 52428800 Bytes (50 MB).
snowplow_app_id string no The Snowplow site name / application ID. (for example, gitlab)
snowplow_collector_hostname string required by: snowplow_enabled The Snowplow collector hostname. (for example, snowplow.trx.gitlab.net)
snowplow_cookie_domain string no The Snowplow cookie domain. (for example, .gitlab.com)
snowplow_enabled boolean no Enable snowplow tracking.
sourcegraph_enabled boolean no Enables Sourcegraph integration. Default is false. If enabled, requires sourcegraph_url.
sourcegraph_public_only boolean no Blocks Sourcegraph from being loaded on private and internal projects. Default is true.
sourcegraph_url string required by: sourcegraph_enabled The Sourcegraph instance URL for integration.
spam_check_endpoint_enabled boolean no Enables spam checking using external Spam Check API endpoint. Default is false.
spam_check_endpoint_url string no URL of the external Spamcheck service endpoint. Valid URI schemes are grpc or tls. Specifying tls forces communication to be encrypted.
spam_check_api_key string no API key used by GitLab for accessing the Spam Check service endpoint.
suggest_pipeline_enabled boolean no Enable pipeline suggestion banner.
terminal_max_session_time integer no Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.
terms text required by: enforce_terms (Required by: enforce_terms) Markdown content for the ToS.
throttle_authenticated_api_enabled boolean no (If enabled, requires: throttle_authenticated_api_period_in_seconds and throttle_authenticated_api_requests_per_period) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
throttle_authenticated_api_period_in_seconds integer required by:
throttle_authenticated_api_enabled
Rate limit period (in seconds).
throttle_authenticated_api_requests_per_period integer required by:
throttle_authenticated_api_enabled
Maximum requests per period per user.
throttle_authenticated_packages_api_enabled boolean no (If enabled, requires: throttle_authenticated_packages_api_period_in_seconds and throttle_authenticated_packages_api_requests_per_period) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
throttle_authenticated_packages_api_period_in_seconds integer required by:
throttle_authenticated_packages_api_enabled
Rate limit period (in seconds). View Package Registry rate limits for more details.
throttle_authenticated_packages_api_requests_per_period integer required by:
throttle_authenticated_packages_api_enabled
Maximum requests per period per user. View Package Registry rate limits for more details.
throttle_authenticated_web_enabled boolean no (If enabled, requires: throttle_authenticated_web_period_in_seconds and throttle_authenticated_web_requests_per_period) Enable authenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
throttle_authenticated_web_period_in_seconds integer required by:
throttle_authenticated_web_enabled
Rate limit period (in seconds).
throttle_authenticated_web_requests_per_period integer required by:
throttle_authenticated_web_enabled
Maximum requests per period per user.
throttle_unauthenticated_enabled boolean no (Deprecated in GitLab 14.3. Use throttle_unauthenticated_web_enabled or throttle_unauthenticated_api_enabled instead.) (If enabled, requires: throttle_unauthenticated_period_in_seconds and throttle_unauthenticated_requests_per_period) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
throttle_unauthenticated_period_in_seconds integer required by:
throttle_unauthenticated_enabled
(Deprecated in GitLab 14.3. Use throttle_unauthenticated_web_period_in_seconds or throttle_unauthenticated_api_period_in_seconds instead.) Rate limit period in seconds.
throttle_unauthenticated_requests_per_period integer required by:
throttle_unauthenticated_enabled
(Deprecated in GitLab 14.3. Use throttle_unauthenticated_web_requests_per_period or throttle_unauthenticated_api_requests_per_period instead.) Max requests per period per IP.
throttle_unauthenticated_api_enabled boolean no (If enabled, requires: throttle_unauthenticated_api_period_in_seconds and throttle_unauthenticated_api_requests_per_period) Enable unauthenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
throttle_unauthenticated_api_period_in_seconds integer required by:
throttle_unauthenticated_api_enabled
Rate limit period in seconds.
throttle_unauthenticated_api_requests_per_period integer required by:
throttle_unauthenticated_api_enabled
Max requests per period per IP.
throttle_unauthenticated_packages_api_enabled boolean no (If enabled, requires: throttle_unauthenticated_packages_api_period_in_seconds and throttle_unauthenticated_packages_api_requests_per_period) Enable authenticated API request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots). View Package Registry rate limits for more details.
throttle_unauthenticated_packages_api_period_in_seconds integer required by:
throttle_unauthenticated_packages_api_enabled
Rate limit period (in seconds). View Package Registry rate limits for more details.
throttle_unauthenticated_packages_api_requests_per_period integer required by:
throttle_unauthenticated_packages_api_enabled
Maximum requests per period per user. View Package Registry rate limits for more details.
throttle_unauthenticated_web_enabled boolean no (If enabled, requires: throttle_unauthenticated_web_period_in_seconds and throttle_unauthenticated_web_requests_per_period) Enable unauthenticated web request rate limit. Helps reduce request volume (for example, from crawlers or abusive bots).
throttle_unauthenticated_web_period_in_seconds integer required by:
throttle_unauthenticated_web_enabled
Rate limit period in seconds.
throttle_unauthenticated_web_requests_per_period integer required by:
throttle_unauthenticated_web_enabled
Max requests per period per IP.
time_tracking_limit_to_hours boolean no Limit display of time tracking units to hours. Default is false.
two_factor_grace_period integer required by: require_two_factor_authentication Amount of time (in hours) that users are allowed to skip forced configuration of two-factor authentication.
unique_ips_limit_enabled boolean no (If enabled, requires: unique_ips_limit_per_user and unique_ips_limit_time_window) Limit sign in from multiple IPs.
unique_ips_limit_per_user integer required by: unique_ips_limit_enabled Maximum number of IPs per user.
unique_ips_limit_time_window integer required by: unique_ips_limit_enabled How many seconds an IP is counted towards the limit.
usage_ping_enabled boolean no Every week GitLab reports license usage back to GitLab, Inc.
user_deactivation_emails_enabled boolean no Send an email to users upon account deactivation.
user_default_external boolean no Newly registered users are external by default.
user_default_internal_regex string no Specify an email address regex pattern to identify default internal users.
user_defaults_to_private_profile boolean no Newly created users have private profile by default. Introduced in GitLab 15.8. Defaults to false.
user_oauth_applications boolean no Allow users to register any application to use GitLab as an OAuth provider.
user_show_add_ssh_key_message boolean no When set to false disable the You won't be able to pull or push project code via SSH warning shown to users with no uploaded SSH key.
version_check_enabled boolean no Let GitLab inform you when an update is available.
whats_new_variant string no What’s new variant, possible values: all_tiers, current_tier, and disabled.
wiki_page_max_content_bytes integer no Maximum wiki page content size in bytes. Default: 52428800 Bytes (50 MB). The minimum value is 1024 bytes.
jira_connect_application_key String no Application ID of the OAuth application that should be used to authenticate with the GitLab for Jira Cloud app
jira_connect_proxy_url String no URL of the GitLab instance that should be used as a proxy for the GitLab for Jira Cloud app

Configure inactive project deletion

You can configure inactive projects deletion or turn it off.

Attribute Type Required Description
delete_inactive_projects boolean no Enable inactive project deletion. Default is false. Introduced in GitLab 14.10. Became operational without feature flag in GitLab 15.4.
inactive_projects_delete_after_months integer no If delete_inactive_projects is true, the time (in months) to wait before deleting inactive projects. Default is 2. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
inactive_projects_min_size_mb integer no If delete_inactive_projects is true, the minimum repository size for projects to be checked for inactivity. Default is 0. Introduced in GitLab 14.10. Became operational in GitLab 15.0.
inactive_projects_send_warning_email_after_months integer no If delete_inactive_projects is true, sets the time (in months) to wait before emailing maintainers that the project is scheduled be deleted because it is inactive. Default is 1. Introduced in GitLab 14.10. Became operational in GitLab 15.0.

Housekeeping fields

15.8 and later

If the housekeeping_optimize_repository_period field is set to an integer, housekeeping operations are performed after the number of Git pushes you specify.

15.7 and earlier

The housekeeping_enabled field enables or disables Git housekeeping. To function properly, this field requires housekeeping_optimize_repository_period to be set, or all of these values to be set:

  • housekeeping_bitmaps_enabled
  • housekeeping_full_repack_period
  • housekeeping_gc_period

Package Registry: Package file size limits

The package file size limits are not part of the Application settings API. Instead, these settings can be accessed using the Plan limits API.