| name | glab-auth |
| description | Manage GitLab authentication using the glab CLI. Use this skill whenever the user needs to log in to GitLab, check authentication status, log out, switch GitLab instances, or configure credentials. Trigger on phrases like "login to GitLab", "authenticate glab", "glab auth", "check if I'm logged in", "switch GitLab instance", "set up a personal access token", or any authentication/credential configuration task. |
GitLab Authentication Management
Use glab auth to manage credentials for GitLab.com and self-managed GitLab instances.
Check Authentication Status
Always check this first when there are permission errors:
glab auth status
Log In
Interactive (recommended for first-time setup)
glab auth login
This prompts for hostname, token, protocols, etc.
Specific Instance
glab auth login --hostname gitlab.example.com
Non-Interactive (CI / scripted environments)
glab auth login --hostname gitlab.example.com --token <token>
echo "<token>" | glab auth login --hostname gitlab.example.com --stdin
export GITLAB_TOKEN=<token>
export GITLAB_HOST=gitlab.example.com
Web OAuth
glab auth login --web
Log Out
glab auth logout
glab auth logout --hostname gitlab.example.com
Configure Git Credential Helper
Integrate glab with git so HTTP clones use your GitLab token automatically:
glab auth credential-helper
Key Options for auth login
| Flag | Description |
|---|
--hostname | GitLab instance hostname (default: gitlab.com) |
--token | Personal access token |
--stdin | Read token from stdin |
--web | OAuth browser flow |
--api-protocol | https (default) or http |
--git-protocol | https (default) or ssh |
--use-keyring | Store token in system keyring |
--api-host | Custom API endpoint (for self-managed) |
Required Token Scopes
For full glab functionality, the personal access token needs:
api — full API access (recommended)
- Or at minimum:
read_api + read_repository + write_repository
Behavior Guidelines
- First step: If any glab command fails with 401/403, run
glab auth status to diagnose.
- CI environments: Recommend the
GITLAB_TOKEN environment variable approach — it's the safest and most portable method.
- Self-managed instances: Always specify
--hostname — omitting it targets gitlab.com.
- Multiple instances: glab supports multiple configured instances;
glab auth status shows all of them.
- Token security: Recommend
--stdin or environment variables over --token flag to avoid tokens appearing in shell history.