[{"data":1,"prerenderedAt":789},["ShallowReactive",2],{"/en-us/blog/prepare-now-docker-hub-rate-limits-will-impact-gitlab-ci-cd":3,"navigation-en-us":39,"banner-en-us":438,"footer-en-us":448,"blog-post-authors-en-us-Tim Rizzi":688,"blog-related-posts-en-us-prepare-now-docker-hub-rate-limits-will-impact-gitlab-ci-cd":702,"assessment-promotions-en-us":741,"next-steps-en-us":779},{"id":4,"title":5,"authorSlugs":6,"body":8,"categorySlug":9,"config":10,"content":14,"description":8,"extension":26,"isFeatured":12,"meta":27,"navigation":12,"path":28,"publishedDate":20,"seo":29,"stem":34,"tagSlugs":35,"__hash__":38},"blogPosts/en-us/blog/prepare-now-docker-hub-rate-limits-will-impact-gitlab-ci-cd.yml","Prepare Now Docker Hub Rate Limits Will Impact Gitlab Ci Cd",[7],"tim-rizzi",null,"bulletin-board",{"slug":11,"featured":12,"template":13},"prepare-now-docker-hub-rate-limits-will-impact-gitlab-ci-cd",true,"BlogPost",{"title":15,"description":16,"authors":17,"heroImage":19,"date":20,"body":21,"category":9,"tags":22},"Prepare now: Docker Hub rate limits will impact GitLab CI/CD","Learn how Docker Hub's upcoming pull rate limits will affect GitLab pipelines and what you can do to avoid disruptions.",[18],"Tim Rizzi","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749662488/Blog/Hero%20Images/blog-image-template-1800x945__3_.png","2025-03-24","On April 1, 2025, Docker will implement new [pull rate limits](https://docs.docker.com/docker-hub/usage/) to Docker Hub that may significantly impact CI/CD pipelines across the industry, including those running on GitLab. The most significant change is the 100 pulls-per-6-hours limit for unauthenticated users.\n\n## What's changing?\n\nStarting April 1, Docker will enforce the following pull rate limits:\n\n| User type | Pull rate limit per hour | Number of public repositories | Number of private repositories |\n|-----------|----------------|--------------|------------------|\n| Business, Team, Pro (authenticated) | Unlimited (fair use) | Unlimited | Unlimited |\n| Personal (authenticated) | 200 per 6-hour window | Unlimited | Up to 1 |\n| Unauthenticated users | 100 per 6-hour window per IPv4 address or IPv6 /64 subnet | Not applicable | Not applicable |\n\nThis is particularly important because:\n\n* GitLab's Dependency Proxy currently pulls from Docker Hub as an\nunauthenticated user.\n\n* Most CI/CD pipelines that don't use the Dependency Proxy pull directly\nfrom Docker Hub as unauthenticated users.\n\n* On hosted runners for GitLab.com, multiple users might share the same IP\naddress or subnet, making them collectively subject to this limit.\n\n## How this impacts GitLab users\n\n**Impact on direct Docker Hub pulls**\n\nIf your CI/CD pipelines directly pull images from Docker Hub without authentication, they will be limited to 100 pulls per six-hour window per IP address. For pipelines that run frequently or across multiple projects sharing the same runner infrastructure, this will quickly exhaust the limit and cause pipeline failures.\n\n**Impact on GitLab Dependency Proxy**\n\nThe GitLab Dependency Proxy feature allows you to cache Docker images within\nGitLab to speed up pipelines and reduce external dependencies. However, the current implementation pulls from Docker Hub as an unauthenticated user, meaning it will also be subject to the 100 pulls-per-6-hours limit.\n\n**Impact on hosted runners**\n\nFor hosted runners on GitLab.com, we use [Google Cloud's pull-through cache](https://cloud.google.com/artifact-registry/docs/pull-cached-dockerhub-images).\nThis mirrors the commonly pulled images and allows us to avoid rate limits.\nJob images defined as `image:` or `services:` in your `.gitlab-ci.yml` file, are not affected by rate limits.\n\nThings are slightly more challenging whenever images are pulled within the runner environment. The most common use case to pull images during runner runtime is to build an image using Docker-in-Docker or Kaniko. In this scenario, the Docker Hub image defined in your `Dockerfile` is pulled directly from Docker Hub and is likely to be affected by rate limits.\n\n## How GitLab is responding\n\nWe're actively working on solutions to mitigate these challenges:\n\n* **Dependency Proxy authentication:** We've added support for Docker Hub\nauthentication in the [GitLab Dependency Proxy feature](https://gitlab.com/gitlab-org/gitlab/-/issues/331741). This will allow the Dependency Proxy to pull images from Docker Hub as an authenticated user, significantly increasing the rate limits.\n\n* **Documentation updates:** We've updated our\n[documentation](https://docs.gitlab.com/user/packages/dependency_proxy/#configure-credentials)\nto provide clear guidance on configuring pipeline authentication for Docker\nHub.\n\n* **Internal infrastructure preparation:** We're preparing our internal\ninfrastructure to minimize the impact on hosted runners for GitLab.com.\n\n## How you can prepare\n\n**Option 1: Configure Docker Hub authentication in your pipelines**\n\nFor pipelines that pull directly from Docker Hub, you can configure authentication to increase your rate limit to 200 pulls per six-hour window (or unlimited with a paid Docker Hub subscription).\n\nAdd Docker Hub credentials to your project or group CI/CD variables (not in your `.gitlab-ci.yml` file). Please refer to our [documentation on using\nDocker images](https://docs.gitlab.com/ci/docker/using_docker_images/#use-statically-defined-credentials)\nfor detailed instructions on setting up the `DOCKER_AUTH_CONFIG` CI/CD variable correctly.\n\n**Option 2: Use the GitLab Container Registry**\n\nConsider pushing your frequently used Docker images to your [GitLab\nContainer\nRegistry](https://docs.gitlab.com/user/packages/container_registry/). This eliminates the need to pull from Docker Hub during CI/CD runs:\n\n1. Pull the image from Docker Hub.\n\n2. Tag it for your GitLab Container Registry.\n\n3. Push it to your GitLab Container Registry.\n\n4. Update your pipelines to pull from GitLab Container Registry.\n\n```shell\n\ndocker pull busybox:latest\n\ndocker tag busybox:latest $CI_REGISTRY_IMAGE/busybox:latest\n\ndocker push $CI_REGISTRY_IMAGE/busybox:latest\n\n```\n\nThen in your `.gitlab-ci.yml`:\n\n`image: $CI_REGISTRY_IMAGE/busybox:latest`\n\n**Option 3: Use GitLab Dependency Proxy**\n\nGitLab's Dependency Proxy feature provides a way to cache and proxy Docker images, reducing external dependencies and rate limit issues.\n\nCurrent authentication options:\n\n* GitLab 17.10: Configure Docker Hub authentication for the Dependency Proxy\nusing [GraphQL\nAPI](https://docs.gitlab.com/user/packages/dependency_proxy/#configure-credentials-using-the-graphql-api)\n\n* GitLab 17.11: Use the new UI-based configuration in your group's settings\n(already available on GitLab.com)\n\nOnce authentication is properly configured, you can:\n\n1. Configure Docker Hub credentials in your group's Dependency Proxy\nsettings:\n  - For GitLab 17.11+ (or current GitLab.com): Navigate to your group's settings > Packages & Registries > Dependency Proxy.\n  - For GitLab 17.10: Use the GraphQL API to configure authentication.\n2. Update your pipelines to use the Dependency Proxy URLs in your CI/CD\nconfiguration:\n\n`image: ${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/busybox:latest`\n\n**Option 4: Consider a Docker Hub paid subscription**\n\nFor organizations with heavy Docker Hub usage, upgrading to a paid Docker subscription (Team or Business) will provide unlimited pulls, which may be the most straightforward solution.\n\n## Best practices to reduce Docker Hub rate limit impact\n\nRegardless of which option you choose, consider these best practices to minimize Docker Hub rate limit impact:\n\n* Use specific image tags instead of `latest` to avoid unnecessary pulls.\n\n* Consolidate your Docker files to use the same base images across projects.\n\n* Schedule less critical pipelines to run outside of peak hours.\n\n* Use caching effectively to avoid pulling the same images repeatedly.\n\n**Note:** According to Docker Hub [documentation](https://docs.docker.com/docker-hub/usage/pulls/#pull-definition), the pull count is incremented when pulling the image manifest, not based on image size or number of layers.\n\n## Timeline and next steps\n\n**Now**\n  * Implement authentication for direct Docker Hub pulls.\n  * GitLab.com users can already configure Docker Hub authentication for the Dependency Proxy using either:\n    * The GraphQL API, or\n    * The UI in group settings\n  * Self-managed GitLab 17.10 users can configure Dependency Proxy authentication using the GraphQL API.\n\n**April 1, 2025**\n  * Docker Hub rate limits go into effect.\n\n**April 17, 2025**\n  * GitLab 17.11 will be released with UI-based Dependency Proxy authentication support for self-managed instances.\n\nWe recommend taking action well before the April 1 deadline to avoid unexpected pipeline failures. For most users, configuring the Dependency\nProxy with Docker Hub authentication is the most efficient long-term solution.\n\n> Have questions or need implementation help? Please visit [this\nissue](https://gitlab.com/gitlab-org/gitlab/-/issues/526605) where our team is actively providing support.\n",[23,24,25],"CI/CD","news","DevSecOps platform","yml",{},"/en-us/blog/prepare-now-docker-hub-rate-limits-will-impact-gitlab-ci-cd",{"title":15,"description":16,"ogTitle":15,"ogDescription":16,"noIndex":30,"ogImage":19,"ogUrl":31,"ogSiteName":32,"ogType":33,"canonicalUrls":31},false,"https://about.gitlab.com/blog/prepare-now-docker-hub-rate-limits-will-impact-gitlab-ci-cd","https://about.gitlab.com","article","en-us/blog/prepare-now-docker-hub-rate-limits-will-impact-gitlab-ci-cd",[36,24,37],"cicd","devsecops-platform","w0LZ1JBefl8YyxO425DqBlMVdcfbvJ4Iu7enAhN4HnM",{"data":40},{"logo":41,"freeTrial":46,"sales":51,"login":56,"items":61,"search":368,"minimal":399,"duo":418,"pricingDeployment":428},{"config":42},{"href":43,"dataGaName":44,"dataGaLocation":45},"/","gitlab logo","header",{"text":47,"config":48},"Get free trial",{"href":49,"dataGaName":50,"dataGaLocation":45},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com&glm_content=default-saas-trial/","free trial",{"text":52,"config":53},"Talk to sales",{"href":54,"dataGaName":55,"dataGaLocation":45},"/sales/","sales",{"text":57,"config":58},"Sign in",{"href":59,"dataGaName":60,"dataGaLocation":45},"https://gitlab.com/users/sign_in/","sign in",[62,89,183,188,289,349],{"text":63,"config":64,"cards":66},"Platform",{"dataNavLevelOne":65},"platform",[67,73,81],{"title":63,"description":68,"link":69},"The intelligent orchestration platform for DevSecOps",{"text":70,"config":71},"Explore our Platform",{"href":72,"dataGaName":65,"dataGaLocation":45},"/platform/",{"title":74,"description":75,"link":76},"GitLab Duo Agent Platform","Agentic AI for the entire software lifecycle",{"text":77,"config":78},"Meet GitLab Duo",{"href":79,"dataGaName":80,"dataGaLocation":45},"/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":82,"description":83,"link":84},"Why GitLab","See the top reasons enterprises choose GitLab",{"text":85,"config":86},"Learn more",{"href":87,"dataGaName":88,"dataGaLocation":45},"/why-gitlab/","why gitlab",{"text":90,"left":12,"config":91,"link":93,"lists":97,"footer":165},"Product",{"dataNavLevelOne":92},"solutions",{"text":94,"config":95},"View all Solutions",{"href":96,"dataGaName":92,"dataGaLocation":45},"/solutions/",[98,121,144],{"title":99,"description":100,"link":101,"items":106},"Automation","CI/CD and automation to accelerate deployment",{"config":102},{"icon":103,"href":104,"dataGaName":105,"dataGaLocation":45},"AutomatedCodeAlt","/solutions/delivery-automation/","automated software delivery",[107,110,113,117],{"text":23,"config":108},{"href":109,"dataGaLocation":45,"dataGaName":23},"/solutions/continuous-integration/",{"text":74,"config":111},{"href":79,"dataGaLocation":45,"dataGaName":112},"gitlab duo agent platform - product menu",{"text":114,"config":115},"Source Code Management",{"href":116,"dataGaLocation":45,"dataGaName":114},"/solutions/source-code-management/",{"text":118,"config":119},"Automated Software Delivery",{"href":104,"dataGaLocation":45,"dataGaName":120},"Automated software delivery",{"title":122,"description":123,"link":124,"items":129},"Security","Deliver code faster without compromising security",{"config":125},{"href":126,"dataGaName":127,"dataGaLocation":45,"icon":128},"/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[130,134,139],{"text":131,"config":132},"Application Security Testing",{"href":126,"dataGaName":133,"dataGaLocation":45},"Application security testing",{"text":135,"config":136},"Software Supply Chain Security",{"href":137,"dataGaLocation":45,"dataGaName":138},"/solutions/supply-chain/","Software supply chain security",{"text":140,"config":141},"Software Compliance",{"href":142,"dataGaName":143,"dataGaLocation":45},"/solutions/software-compliance/","software compliance",{"title":145,"link":146,"items":151},"Measurement",{"config":147},{"icon":148,"href":149,"dataGaName":150,"dataGaLocation":45},"DigitalTransformation","/solutions/visibility-measurement/","visibility and measurement",[152,156,160],{"text":153,"config":154},"Visibility & Measurement",{"href":149,"dataGaLocation":45,"dataGaName":155},"Visibility and Measurement",{"text":157,"config":158},"Value Stream Management",{"href":159,"dataGaLocation":45,"dataGaName":157},"/solutions/value-stream-management/",{"text":161,"config":162},"Analytics & Insights",{"href":163,"dataGaLocation":45,"dataGaName":164},"/solutions/analytics-and-insights/","Analytics and insights",{"title":166,"items":167},"GitLab for",[168,173,178],{"text":169,"config":170},"Enterprise",{"href":171,"dataGaLocation":45,"dataGaName":172},"/enterprise/","enterprise",{"text":174,"config":175},"Small Business",{"href":176,"dataGaLocation":45,"dataGaName":177},"/small-business/","small business",{"text":179,"config":180},"Public Sector",{"href":181,"dataGaLocation":45,"dataGaName":182},"/solutions/public-sector/","public sector",{"text":184,"config":185},"Pricing",{"href":186,"dataGaName":187,"dataGaLocation":45,"dataNavLevelOne":187},"/pricing/","pricing",{"text":189,"config":190,"link":192,"lists":196,"feature":276},"Resources",{"dataNavLevelOne":191},"resources",{"text":193,"config":194},"View all resources",{"href":195,"dataGaName":191,"dataGaLocation":45},"/resources/",[197,230,248],{"title":198,"items":199},"Getting started",[200,205,210,215,220,225],{"text":201,"config":202},"Install",{"href":203,"dataGaName":204,"dataGaLocation":45},"/install/","install",{"text":206,"config":207},"Quick start guides",{"href":208,"dataGaName":209,"dataGaLocation":45},"/get-started/","quick setup checklists",{"text":211,"config":212},"Learn",{"href":213,"dataGaLocation":45,"dataGaName":214},"https://university.gitlab.com/","learn",{"text":216,"config":217},"Product documentation",{"href":218,"dataGaName":219,"dataGaLocation":45},"https://docs.gitlab.com/","product documentation",{"text":221,"config":222},"Best practice videos",{"href":223,"dataGaName":224,"dataGaLocation":45},"/getting-started-videos/","best practice videos",{"text":226,"config":227},"Integrations",{"href":228,"dataGaName":229,"dataGaLocation":45},"/integrations/","integrations",{"title":231,"items":232},"Discover",[233,238,243],{"text":234,"config":235},"Customer success stories",{"href":236,"dataGaName":237,"dataGaLocation":45},"/customers/","customer success stories",{"text":239,"config":240},"Blog",{"href":241,"dataGaName":242,"dataGaLocation":45},"/blog/","blog",{"text":244,"config":245},"Remote",{"href":246,"dataGaName":247,"dataGaLocation":45},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":249,"items":250},"Connect",[251,256,261,266,271],{"text":252,"config":253},"GitLab Services",{"href":254,"dataGaName":255,"dataGaLocation":45},"/services/","services",{"text":257,"config":258},"Community",{"href":259,"dataGaName":260,"dataGaLocation":45},"/community/","community",{"text":262,"config":263},"Forum",{"href":264,"dataGaName":265,"dataGaLocation":45},"https://forum.gitlab.com/","forum",{"text":267,"config":268},"Events",{"href":269,"dataGaName":270,"dataGaLocation":45},"/events/","events",{"text":272,"config":273},"Partners",{"href":274,"dataGaName":275,"dataGaLocation":45},"/partners/","partners",{"backgroundColor":277,"textColor":278,"text":279,"image":280,"link":284},"#2f2a6b","#fff","Insights for the future of software development",{"altText":281,"config":282},"the source promo card",{"src":283},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758208064/dzl0dbift9xdizyelkk4.svg",{"text":285,"config":286},"Read the latest",{"href":287,"dataGaName":288,"dataGaLocation":45},"/the-source/","the source",{"text":290,"config":291,"lists":293},"Company",{"dataNavLevelOne":292},"company",[294],{"items":295},[296,301,307,309,314,319,324,329,334,339,344],{"text":297,"config":298},"About",{"href":299,"dataGaName":300,"dataGaLocation":45},"/company/","about",{"text":302,"config":303,"footerGa":306},"Jobs",{"href":304,"dataGaName":305,"dataGaLocation":45},"/jobs/","jobs",{"dataGaName":305},{"text":267,"config":308},{"href":269,"dataGaName":270,"dataGaLocation":45},{"text":310,"config":311},"Leadership",{"href":312,"dataGaName":313,"dataGaLocation":45},"/company/team/e-group/","leadership",{"text":315,"config":316},"Team",{"href":317,"dataGaName":318,"dataGaLocation":45},"/company/team/","team",{"text":320,"config":321},"Handbook",{"href":322,"dataGaName":323,"dataGaLocation":45},"https://handbook.gitlab.com/","handbook",{"text":325,"config":326},"Investor relations",{"href":327,"dataGaName":328,"dataGaLocation":45},"https://ir.gitlab.com/","investor relations",{"text":330,"config":331},"Trust Center",{"href":332,"dataGaName":333,"dataGaLocation":45},"/security/","trust center",{"text":335,"config":336},"AI Transparency Center",{"href":337,"dataGaName":338,"dataGaLocation":45},"/ai-transparency-center/","ai transparency center",{"text":340,"config":341},"Newsletter",{"href":342,"dataGaName":343,"dataGaLocation":45},"/company/contact/#contact-forms","newsletter",{"text":345,"config":346},"Press",{"href":347,"dataGaName":348,"dataGaLocation":45},"/press/","press",{"text":350,"config":351,"lists":352},"Contact us",{"dataNavLevelOne":292},[353],{"items":354},[355,358,363],{"text":52,"config":356},{"href":54,"dataGaName":357,"dataGaLocation":45},"talk to sales",{"text":359,"config":360},"Support portal",{"href":361,"dataGaName":362,"dataGaLocation":45},"https://support.gitlab.com","support portal",{"text":364,"config":365},"Customer portal",{"href":366,"dataGaName":367,"dataGaLocation":45},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":369,"login":370,"suggestions":377},"Close",{"text":371,"link":372},"To search repositories and projects, login to",{"text":373,"config":374},"gitlab.com",{"href":59,"dataGaName":375,"dataGaLocation":376},"search login","search",{"text":378,"default":379},"Suggestions",[380,382,386,388,392,396],{"text":74,"config":381},{"href":79,"dataGaName":74,"dataGaLocation":376},{"text":383,"config":384},"Code Suggestions (AI)",{"href":385,"dataGaName":383,"dataGaLocation":376},"/solutions/code-suggestions/",{"text":23,"config":387},{"href":109,"dataGaName":23,"dataGaLocation":376},{"text":389,"config":390},"GitLab on AWS",{"href":391,"dataGaName":389,"dataGaLocation":376},"/partners/technology-partners/aws/",{"text":393,"config":394},"GitLab on Google Cloud",{"href":395,"dataGaName":393,"dataGaLocation":376},"/partners/technology-partners/google-cloud-platform/",{"text":397,"config":398},"Why GitLab?",{"href":87,"dataGaName":397,"dataGaLocation":376},{"freeTrial":400,"mobileIcon":405,"desktopIcon":410,"secondaryButton":413},{"text":401,"config":402},"Start free trial",{"href":403,"dataGaName":50,"dataGaLocation":404},"https://gitlab.com/-/trials/new/","nav",{"altText":406,"config":407},"Gitlab Icon",{"src":408,"dataGaName":409,"dataGaLocation":404},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":406,"config":411},{"src":412,"dataGaName":409,"dataGaLocation":404},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":414,"config":415},"Get Started",{"href":416,"dataGaName":417,"dataGaLocation":404},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/compare/gitlab-vs-github/","get started",{"freeTrial":419,"mobileIcon":424,"desktopIcon":426},{"text":420,"config":421},"Learn more about GitLab Duo",{"href":422,"dataGaName":423,"dataGaLocation":404},"/gitlab-duo/","gitlab duo",{"altText":406,"config":425},{"src":408,"dataGaName":409,"dataGaLocation":404},{"altText":406,"config":427},{"src":412,"dataGaName":409,"dataGaLocation":404},{"freeTrial":429,"mobileIcon":434,"desktopIcon":436},{"text":430,"config":431},"Back to pricing",{"href":186,"dataGaName":432,"dataGaLocation":404,"icon":433},"back to pricing","GoBack",{"altText":406,"config":435},{"src":408,"dataGaName":409,"dataGaLocation":404},{"altText":406,"config":437},{"src":412,"dataGaName":409,"dataGaLocation":404},{"title":439,"button":440,"config":445},"See how agentic AI transforms software delivery",{"text":441,"config":442},"Watch GitLab Transcend now",{"href":443,"dataGaName":444,"dataGaLocation":45},"/events/transcend/virtual/","transcend event",{"layout":446,"icon":447},"release","AiStar",{"data":449},{"text":450,"source":451,"edit":457,"contribute":462,"config":467,"items":472,"minimal":677},"Git is a trademark of Software Freedom Conservancy and our use of 'GitLab' is under license",{"text":452,"config":453},"View page source",{"href":454,"dataGaName":455,"dataGaLocation":456},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":458,"config":459},"Edit this page",{"href":460,"dataGaName":461,"dataGaLocation":456},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":463,"config":464},"Please contribute",{"href":465,"dataGaName":466,"dataGaLocation":456},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":468,"facebook":469,"youtube":470,"linkedin":471},"https://twitter.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[473,520,572,616,643],{"title":184,"links":474,"subMenu":489},[475,479,484],{"text":476,"config":477},"View plans",{"href":186,"dataGaName":478,"dataGaLocation":456},"view plans",{"text":480,"config":481},"Why Premium?",{"href":482,"dataGaName":483,"dataGaLocation":456},"/pricing/premium/","why premium",{"text":485,"config":486},"Why Ultimate?",{"href":487,"dataGaName":488,"dataGaLocation":456},"/pricing/ultimate/","why ultimate",[490],{"title":491,"links":492},"Contact Us",[493,496,498,500,505,510,515],{"text":494,"config":495},"Contact sales",{"href":54,"dataGaName":55,"dataGaLocation":456},{"text":359,"config":497},{"href":361,"dataGaName":362,"dataGaLocation":456},{"text":364,"config":499},{"href":366,"dataGaName":367,"dataGaLocation":456},{"text":501,"config":502},"Status",{"href":503,"dataGaName":504,"dataGaLocation":456},"https://status.gitlab.com/","status",{"text":506,"config":507},"Terms of use",{"href":508,"dataGaName":509,"dataGaLocation":456},"/terms/","terms of use",{"text":511,"config":512},"Privacy statement",{"href":513,"dataGaName":514,"dataGaLocation":456},"/privacy/","privacy statement",{"text":516,"config":517},"Cookie preferences",{"dataGaName":518,"dataGaLocation":456,"id":519,"isOneTrustButton":12},"cookie preferences","ot-sdk-btn",{"title":90,"links":521,"subMenu":529},[522,525],{"text":25,"config":523},{"href":72,"dataGaName":524,"dataGaLocation":456},"devsecops platform",{"text":526,"config":527},"AI-Assisted Development",{"href":422,"dataGaName":528,"dataGaLocation":456},"ai-assisted development",[530],{"title":531,"links":532},"Topics",[533,537,542,547,552,557,562,567],{"text":534,"config":535},"CICD",{"href":536,"dataGaName":36,"dataGaLocation":456},"/topics/ci-cd/",{"text":538,"config":539},"GitOps",{"href":540,"dataGaName":541,"dataGaLocation":456},"/topics/gitops/","gitops",{"text":543,"config":544},"DevOps",{"href":545,"dataGaName":546,"dataGaLocation":456},"/topics/devops/","devops",{"text":548,"config":549},"Version Control",{"href":550,"dataGaName":551,"dataGaLocation":456},"/topics/version-control/","version control",{"text":553,"config":554},"DevSecOps",{"href":555,"dataGaName":556,"dataGaLocation":456},"/topics/devsecops/","devsecops",{"text":558,"config":559},"Cloud Native",{"href":560,"dataGaName":561,"dataGaLocation":456},"/topics/cloud-native/","cloud native",{"text":563,"config":564},"AI for Coding",{"href":565,"dataGaName":566,"dataGaLocation":456},"/topics/devops/ai-for-coding/","ai for coding",{"text":568,"config":569},"Agentic AI",{"href":570,"dataGaName":571,"dataGaLocation":456},"/topics/agentic-ai/","agentic ai",{"title":573,"links":574},"Solutions",[575,577,579,584,588,591,595,598,600,603,606,611],{"text":131,"config":576},{"href":126,"dataGaName":131,"dataGaLocation":456},{"text":120,"config":578},{"href":104,"dataGaName":105,"dataGaLocation":456},{"text":580,"config":581},"Agile development",{"href":582,"dataGaName":583,"dataGaLocation":456},"/solutions/agile-delivery/","agile delivery",{"text":585,"config":586},"SCM",{"href":116,"dataGaName":587,"dataGaLocation":456},"source code management",{"text":534,"config":589},{"href":109,"dataGaName":590,"dataGaLocation":456},"continuous integration & delivery",{"text":592,"config":593},"Value stream management",{"href":159,"dataGaName":594,"dataGaLocation":456},"value stream management",{"text":538,"config":596},{"href":597,"dataGaName":541,"dataGaLocation":456},"/solutions/gitops/",{"text":169,"config":599},{"href":171,"dataGaName":172,"dataGaLocation":456},{"text":601,"config":602},"Small business",{"href":176,"dataGaName":177,"dataGaLocation":456},{"text":604,"config":605},"Public sector",{"href":181,"dataGaName":182,"dataGaLocation":456},{"text":607,"config":608},"Education",{"href":609,"dataGaName":610,"dataGaLocation":456},"/solutions/education/","education",{"text":612,"config":613},"Financial services",{"href":614,"dataGaName":615,"dataGaLocation":456},"/solutions/finance/","financial services",{"title":189,"links":617},[618,620,622,624,627,629,631,633,635,637,639,641],{"text":201,"config":619},{"href":203,"dataGaName":204,"dataGaLocation":456},{"text":206,"config":621},{"href":208,"dataGaName":209,"dataGaLocation":456},{"text":211,"config":623},{"href":213,"dataGaName":214,"dataGaLocation":456},{"text":216,"config":625},{"href":218,"dataGaName":626,"dataGaLocation":456},"docs",{"text":239,"config":628},{"href":241,"dataGaName":242,"dataGaLocation":456},{"text":234,"config":630},{"href":236,"dataGaName":237,"dataGaLocation":456},{"text":244,"config":632},{"href":246,"dataGaName":247,"dataGaLocation":456},{"text":252,"config":634},{"href":254,"dataGaName":255,"dataGaLocation":456},{"text":257,"config":636},{"href":259,"dataGaName":260,"dataGaLocation":456},{"text":262,"config":638},{"href":264,"dataGaName":265,"dataGaLocation":456},{"text":267,"config":640},{"href":269,"dataGaName":270,"dataGaLocation":456},{"text":272,"config":642},{"href":274,"dataGaName":275,"dataGaLocation":456},{"title":290,"links":644},[645,647,649,651,653,655,657,661,666,668,670,672],{"text":297,"config":646},{"href":299,"dataGaName":292,"dataGaLocation":456},{"text":302,"config":648},{"href":304,"dataGaName":305,"dataGaLocation":456},{"text":310,"config":650},{"href":312,"dataGaName":313,"dataGaLocation":456},{"text":315,"config":652},{"href":317,"dataGaName":318,"dataGaLocation":456},{"text":320,"config":654},{"href":322,"dataGaName":323,"dataGaLocation":456},{"text":325,"config":656},{"href":327,"dataGaName":328,"dataGaLocation":456},{"text":658,"config":659},"Sustainability",{"href":660,"dataGaName":658,"dataGaLocation":456},"/sustainability/",{"text":662,"config":663},"Diversity, inclusion and belonging (DIB)",{"href":664,"dataGaName":665,"dataGaLocation":456},"/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":330,"config":667},{"href":332,"dataGaName":333,"dataGaLocation":456},{"text":340,"config":669},{"href":342,"dataGaName":343,"dataGaLocation":456},{"text":345,"config":671},{"href":347,"dataGaName":348,"dataGaLocation":456},{"text":673,"config":674},"Modern Slavery Transparency Statement",{"href":675,"dataGaName":676,"dataGaLocation":456},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"items":678},[679,682,685],{"text":680,"config":681},"Terms",{"href":508,"dataGaName":509,"dataGaLocation":456},{"text":683,"config":684},"Cookies",{"dataGaName":518,"dataGaLocation":456,"id":519,"isOneTrustButton":12},{"text":686,"config":687},"Privacy",{"href":513,"dataGaName":514,"dataGaLocation":456},[689],{"id":690,"title":18,"body":8,"config":691,"content":693,"description":8,"extension":26,"meta":697,"navigation":12,"path":698,"seo":699,"stem":700,"__hash__":701},"blogAuthors/en-us/blog/authors/tim-rizzi.yml",{"template":692},"BlogAuthor",{"name":18,"config":694},{"headshot":695,"ctfId":696},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1749661866/Blog/Author%20Headshots/trizzi-headshot.jpg","trizzi",{},"/en-us/blog/authors/tim-rizzi",{},"en-us/blog/authors/tim-rizzi","ADPqrpcnKveFJS0m_zFV0VLtb_h_txu59QVgz_YwKMc",[703,717,729],{"content":704,"config":715},{"title":705,"description":706,"authors":707,"heroImage":709,"date":710,"body":711,"category":9,"tags":712},"Passkeys now available for passwordless sign-in and 2FA on GitLab","Learn how to register a passkey to your account and how two-factor authentication works as a phishing-resistant method.",[708],"GitLab","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772029801/qk75nu1eezxa6aiefpup.png","2026-02-25","Passkeys are now available on GitLab, and offer a more secure and convenient way to access your account. You can use passkeys for passwordless sign-in or as a phishing-resistant two-factor authentication (2FA) method. Passkeys offer the ability to authenticate using your device's fingerprint, face recognition, or PIN. For accounts with 2FA enabled, passkeys automatically become available as your default 2FA method.\n\n\u003Cfigure class=\"video_container\"> \u003Ciframe src=\"https://www.youtube.com/embed/LN5MGRdTHR8?si=OOebJZzN3LkSmzNv\" title=\"Passwordless authentication using passkeys\" frameborder=\"0\" allowfullscreen=\"true\">\u003C/iframe> \u003C/figure>\n\n\u003Cbr>\u003C/br>\n\nTo register a passkey to your account, go to your profile settings and select **Account > Manage authentication**.\n\nPasskeys use WebAuthn technology and public-key cryptography made up of both a private and public key. Your private key stays securely on your device and never leaves, while your public key is stored on GitLab. Even if GitLab were to become compromised, attackers cannot use your stored credentials to access your account. Passkeys work across desktop browsers (Chrome, Firefox, Safari, Edge), mobile devices (iOS 16+, Android 9+), and FIDO2 hardware security keys, allowing you to register multiple passkeys across your devices for convenient access.\n\n![Passkeys sign-in with two-factor authentication](https://res.cloudinary.com/about-gitlab-com/image/upload/v1767807931/n652nkgvna1rsymlfzpi.png)\n\nGitLab signed the [CISA Secure by Design Pledge](https://about.gitlab.com/blog/last-year-we-signed-the-secure-by-design-pledge-heres-our-progress/), committing to improve our security posture and help customers develop secure software faster. One key objective of the pledge is to  increase the use of  [multi-factor authentication (MFA)](https://about.gitlab.com/blog/last-year-we-signed-the-secure-by-design-pledge-heres-our-progress/#multi-factor-authentication-mfa) across the manufacturer’s products. Passkeys are an integral part of this goal, and provide a seamless, phishing-resistant MFA method that makes signing in to GitLab both more secure and more convenient.\n\nIf you have questions, want to share your experience, or would like to engage directly with our team about potential improvements, see the [feedback issue](https://gitlab.com/gitlab-org/gitlab/-/work_items/366758).\n",[713,714],"security","product",{"featured":30,"template":13,"slug":716},"passkeys-now-available-for-passwordless-sign-in-and-2fa-on-gitlab",{"content":718,"config":727},{"title":719,"description":720,"heroImage":721,"authors":722,"date":724,"body":725,"category":9,"tags":726},"GPG key used to sign GitLab package repositories' metadata has been extended","The GPG key used to sign repository metadata on GitLab's Packagecloud instance at packages.gitlab.com has been extended – here's what you need to know.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1771934335/c4f7zzdelhwcihaqwxym.png",[723],"Denis Afonso","2026-02-24","GitLab uses GPG key to sign the metadata of the various apt and yum repositories that are used to distribute official omnibus-gitlab and gitlab-runner packages, to ensure integrity of packages, in addition to the packages themselves being signed by a separate key.\n\nThe current key used for the metadata signing, with the fingerprint `F640 3F65 44A3 8863 DAA0 B6E0 3F01 618A 5131 2F3F`, is set to expire on Feb. 27, 2026, and has been extended to expire on Feb 6, 2028.\n\n## Why are we extending the deadline?\n\nThe repository metadata signing key's expiration is extended periodically to comply with GitLab security policies and to limit the exposure should the key become compromised. The key's expiration is extended instead of rotating to a new key to be less disruptive for users, as rotating would require all users to replace their trusted key\n\n## What do I need to do?\n\nIf you have already configured GitLab repositories on your machine before Feb. 17, 2026, please check out the official documentation on [how to fetch and add the new key](https://docs.gitlab.com/omnibus/update/package_signatures/#package-repository-metadata-signing-keys) to your machine.\n\nIf you are a new user, there is nothing specific for you to do other than follow the [GitLab installation page](https://about.gitlab.com/install/) or the [gitlab-runner installation docs](https://docs.gitlab.com/runner/install/linux-repository.html).\n\nMore information concerning [verification of the repository metadata signatures](https://docs.gitlab.com/omnibus/update/package_signatures/#package-repository-metadata-signing-keys) is available in the Omnibus documentation. If you just need to refresh a copy of the public key, then you can find it on any of the GPG keyservers by searching for support@gitlab.com or using the key ID of `F640 3F65 44A3 8863 DAA0 B6E0 3F01 618A 5131 2F3F`.\n\nAlternatively, you could download it directly from packages.gitlab.com using the URL: `https://packages.gitlab.com/gpg.key`.\n\n## What if I need additional help?\n\nPlease open an issue in the [omnibus-gitlab issue tracker](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/new?issue&issuable_template=Bug).",[714],{"featured":30,"template":13,"slug":728},"gpg-key-used-to-sign-gitlab-package-repositories-metadata-has-been-extended",{"content":730,"config":739},{"title":731,"description":732,"heroImage":733,"date":734,"authors":735,"body":737,"category":9,"tags":738},"GitLab extends Omnibus package signing key expiration to 2028","Our GPG key will now expire on Feb. 16, 2028. Here's what you need to know.","https://res.cloudinary.com/about-gitlab-com/image/upload/v1771602757/jukp7pyqma8ifyzmuemi.png","2026-02-20",[736],"Pratik Singh","GitLab uses a GNU Privacy Guard (GPG) key to sign all Omnibus packages created within the CI pipelines to ensure that the packages have not been tampered with. This key is separate from the repository metadata signing key used by package managers and the GPG signing key for the GitLab Runner. The Omnibus package signing key, which was set to expire on Feb. 14, 2026, has been extended to expire on Feb, 16, 2028.\n\n## Why are we extending the deadline?\n\nThe package signing key's expiration is extended periodically to comply with GitLab security policies and to limit the exposure should the key become compromised. The key's expiration is extended instead of rotating to a new key to be less disruptive for users, as rotating would require all users to replace their trusted key\n\n## What do I need to do?\n\nThe only action that needs to be taken is to update your copy of the package signing key _if_ you validate the signatures on the Omnibus packages that GitLab distributes.\n\nThe package signing key is not the key that signs the repository metadata used by the OS package managers like `apt` or `yum`. Unless you are specifically verifying the package signatures or have configured your package manager to verify the package signatures, there is no action needed on your part to continue installing Omnibus packages.\n\nMore information concerning [verification of the package signatures](https://docs.gitlab.com/omnibus/update/package_signatures#package-signatures) is available in the Omnibus documentation. If you just need to refresh a copy of the public key, then you can find it on any of the GPG keyservers by searching for `support@gitlab.com` or using the key ID of `98BF DB87 FCF1 0076 416C  1E0B AD99 7ACC 82DD 593D`.\n\nAlternatively, you could download it directly from packages.gitlab.com using the URL: `https://packages.gitlab.com/gitlab/gitlab-ce/gpgkey/gitlab-gitlab-ce-CB947AD886C8E8FD.pub.gpg`.\n\n\n## What if I need additional help?\n\nPlease open an issue in the [omnibus-gitlab issue tracker](https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/new?issue&issuable_template=Bug).\n",[714],{"featured":30,"template":13,"slug":740},"gitlab-extends-omnibus-package-signing-key-expiration-to-2028",{"promotions":742},[743,757,768],{"id":744,"categories":745,"header":747,"text":748,"button":749,"image":754},"ai-modernization",[746],"ai-ml","Is AI achieving its promise at scale?","Quiz will take 5 minutes or less",{"text":750,"config":751},"Get your AI maturity score",{"href":752,"dataGaName":753,"dataGaLocation":242},"/assessments/ai-modernization-assessment/","modernization assessment",{"config":755},{"src":756},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/qix0m7kwnd8x2fh1zq49.png",{"id":758,"categories":759,"header":760,"text":748,"button":761,"image":765},"devops-modernization",[714,556],"Are you just managing tools or shipping innovation?",{"text":762,"config":763},"Get your DevOps maturity score",{"href":764,"dataGaName":753,"dataGaLocation":242},"/assessments/devops-modernization-assessment/",{"config":766},{"src":767},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138785/eg818fmakweyuznttgid.png",{"id":769,"categories":770,"header":771,"text":748,"button":772,"image":776},"security-modernization",[713],"Are you trading speed for security?",{"text":773,"config":774},"Get your security maturity score",{"href":775,"dataGaName":753,"dataGaLocation":242},"/assessments/security-modernization-assessment/",{"config":777},{"src":778},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1772138786/p4pbqd9nnjejg5ds6mdk.png",{"header":780,"blurb":781,"button":782,"secondaryButton":787},"Start building faster today","See what your team can do with the intelligent orchestration platform for DevSecOps.\n",{"text":783,"config":784},"Get your free trial",{"href":785,"dataGaName":50,"dataGaLocation":786},"https://gitlab.com/-/trial_registrations/new?glm_content=default-saas-trial&glm_source=about.gitlab.com/","feature",{"text":494,"config":788},{"href":54,"dataGaName":55,"dataGaLocation":786},1772652086481]