GitLab SSO
Learn how to configure GitLab SSO for Hanzo KMS.
Using GitLab SSO on a self-hosted instance of Hanzo KMS requires configuring an OAuth application in GitLab and registering your instance with it.
Navigate to your user Settings > Applications to create a new GitLab application.
Create the application. As part of the form, set the Redirect URI to https://your-domain.com/api/v1/sso/gitlab.
Note that only read_user is required as part of the Scopes configuration.
If you have a GitLab group, you can create an OAuth application under it in your group Settings > Applications.
Obtain the Application ID and Secret for your GitLab application.
Back in your Hanzo KMS instance, make sure to set the following environment variables:
CLIENT_ID_GITLAB_LOGIN: The Client ID of your GitLab application.CLIENT_SECRET_GITLAB_LOGIN: The Secret of your GitLab application.- (optional)
URL_GITLAB_LOGIN: The URL of your self-hosted instance of GitLab where the OAuth application is registered. If no URL is passed in, this will default tohttps://gitlab.com. AUTH_SECRET: A secret key used for signing and verifying JWT. This can be a random 32-byte base64 string generated withopenssl rand -base64 32.SITE_URL: The URL of your self-hosted instance of Hanzo KMS - should be an absolute URL including the protocol (e.g. https://app.kms.hanzo.ai)
Once added, restart your Hanzo KMS instance and log in with GitLab.
FAQ
It is likely that you have misconfigured your self-hosted instance of Hanzo KMS. You should:
- Check that you have set the
CLIENT_ID_GITLAB_LOGIN,CLIENT_SECRET_GITLAB_LOGIN,AUTH_SECRET, andSITE_URLenvironment variables. - Check that the Redirect URI specified in GitLab matches the
SITE_URLenvironment variable. For example, if the former ishttps://app.kms.hanzo.ai/api/v1/sso/gitlabthen the latter should behttps://app.kms.hanzo.ai.
How is this guide?
Last updated on