Project-level CI/CD variables API

List project variables

Get list of a project’s variables.

GET /projects/:id/variables
AttributeTypeRequiredDescription
idinteger/stringYesID or URL-encoded path of the project
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/1/variables"
[
    {
        "variable_type": "env_var",
        "key": "TEST_VARIABLE_1",
        "value": "TEST_1",
        "protected": false,
        "masked": true,
        "raw": false,
        "environment_scope": "*",
        "description": null
    },
    {
        "variable_type": "env_var",
        "key": "TEST_VARIABLE_2",
        "value": "TEST_2",
        "protected": false,
        "masked": false,
        "raw": false,
        "environment_scope": "*",
        "description": null
    }
]

Get a single variable

Get the details of a single variable. If there are multiple variables with the same key, use filter to select the correct environment_scope.

GET /projects/:id/variables/:key
AttributeTypeRequiredDescription
idinteger/stringYesID or URL-encoded path of the project
keystringYesThe key of a variable
filterhashNoAvailable filters: [environment_scope]. See the filter parameter details.
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/1/variables/TEST_VARIABLE_1"
{
    "key": "TEST_VARIABLE_1",
    "variable_type": "env_var",
    "value": "TEST_1",
    "protected": false,
    "masked": true,
    "raw": false,
    "environment_scope": "*",
    "description": null
}

Create a variable

Create a new variable. If a variable with the same key already exists, the new variable must have a different environment_scope. Otherwise, GitLab returns a message similar to: VARIABLE_NAME has already been taken.

POST /projects/:id/variables
AttributeTypeRequiredDescription
idinteger/stringYesID or URL-encoded path of the project
keystringYesThe key of a variable; must have no more than 255 characters; only A-Z, a-z, 0-9, and _ are allowed
valuestringYesThe value of a variable
variable_typestringNoThe type of a variable. Available types are: env_var (default) and file
protectedbooleanNoWhether the variable is protected. Default: false
maskedbooleanNoWhether the variable is masked. Default: false
rawbooleanNoWhether the variable is treated as a raw string. Default: false. When true, variables in the value are not expanded.
environment_scopestringNoThe environment_scope of the variable. Default: *
descriptionstringNoThe description of the variable. Default: null. Introduced in GitLab 16.2.
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
     "https://gitlab.example.com/api/v4/projects/1/variables" --form "key=NEW_VARIABLE" --form "value=new value"
{
    "variable_type": "env_var",
    "key": "NEW_VARIABLE",
    "value": "new value",
    "protected": false,
    "masked": false,
    "raw": false,
    "environment_scope": "*",
    "description": null
}

Update a variable

Update a project’s variable. If there are multiple variables with the same key, use filter to select the correct environment_scope.

PUT /projects/:id/variables/:key
AttributeTypeRequiredDescription
idinteger/stringYesID or URL-encoded path of the project
keystringYesThe key of a variable
valuestringYesThe value of a variable
variable_typestringNoThe type of a variable. Available types are: env_var (default) and file
protectedbooleanNoWhether the variable is protected
maskedbooleanNoWhether the variable is masked
rawbooleanNoWhether the variable is treated as a raw string. Default: false. When true, variables in the value are not expanded.
environment_scopestringNoThe environment_scope of the variable
filterhashNoAvailable filters: [environment_scope]. See the filter parameter details.
descriptionstringNoThe description of the variable. Default: null. Introduced in GitLab 16.2.
curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" \
     "https://gitlab.example.com/api/v4/projects/1/variables/NEW_VARIABLE" --form "value=updated value"
{
    "variable_type": "env_var",
    "key": "NEW_VARIABLE",
    "value": "updated value",
    "protected": true,
    "masked": false,
    "raw": false,
    "environment_scope": "*",
    "description": "null"
}

Delete a variable

Delete a project’s variable. If there are multiple variables with the same key, use filter to select the correct environment_scope.

DELETE /projects/:id/variables/:key
AttributeTypeRequiredDescription
idinteger/stringYesID or URL-encoded path of the project
keystringYesThe key of a variable
filterhashNoAvailable filters: [environment_scope]. See the filter parameter details.
curl --request DELETE --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/1/variables/VARIABLE_1"

The filter parameter

Version history

When multiple variables have the same key, GET, PUT, or DELETE requests might return:

There are multiple variables with provided parameters. Please use 'filter[environment_scope]'.

Use filter[environment_scope] to select the variable with the matching environment_scope attribute.

For example:

  • GET:

    curl --globoff --header "PRIVATE-TOKEN: <your_access_token>" \
         "https://gitlab.example.com/api/v4/projects/1/variables/SCOPED_VARIABLE_1?filter[environment_scope]=production"
    
  • PUT:

    curl --request PUT --globoff --header "PRIVATE-TOKEN: <your_access_token>" \
         "https://gitlab.example.com/api/v4/projects/1/variables/SCOPED_VARIABLE_1?value=scoped-variable-updated-value&environment_scope=production&filter[environment_scope]=production"
    
  • DELETE:

    curl --request DELETE --globoff --header "PRIVATE-TOKEN: <your_access_token>" \
         "https://gitlab.example.com/api/v4/projects/1/variables/SCOPED_VARIABLE_1?filter[environment_scope]=production"