Skip to content
GitLab MCP Server

Configuration

GitLab MCP Server is configured through environment variables for stdio mode and CLI flags for HTTP mode. This page covers all configuration options.

Required variables

Section titled “Required variables”

These must be set for the server to start in stdio mode:

VariableDescriptionExample
GITLAB_URLGitLab instance base URLhttps://gitlab.example.com
GITLAB_TOKENPersonal Access Token with api scopeglpat-xxxxxxxxxxxxxxxxxxxx

Core options

Section titled “Core options”
VariableDefaultDescription
GITLAB_SKIP_TLS_VERIFYfalseSkip TLS certificate verification for self-signed certs
META_TOOLStrueEnable meta-tool mode (42 domain tools instead of 1000+ individual tools)
GITLAB_ENTERPRISEfalseEnable Enterprise/Premium tools (35 individual + 15 meta-tools) for GitLab Premium/Ultimate
GITLAB_READ_ONLYfalseDisable all mutating tools (create, update, delete)
GITLAB_SAFE_MODEfalseReturn structured JSON preview instead of executing mutating tools (dry-run mode)
LOG_LEVELinfoLog verbosity: debug, info, warn, error

Optional components

Section titled “Optional components”

These control which MCP capabilities are enabled:

VariableDefaultDescription
ENABLE_ANALYSIS_TOOLStrueEnable 11 AI-powered analysis tools (requires MCP sampling)
ENABLE_ELICITATIONtrueEnable interactive creation wizards (project, issue, MR)
ENABLE_RESOURCEStrueEnable 24 MCP resources for read-only data access
ENABLE_PROMPTStrueEnable 38 MCP prompt templates

Auto-update

Section titled “Auto-update”
VariableDefaultDescription
AUTO_UPDATEtrueAuto-update behavior: true (apply on start), check (notify only), false (disabled)
AUTO_UPDATE_REPOjmrplens/gitlab-mcp-serverGitHub repository for release assets
AUTO_UPDATE_INTERVAL1hPeriodic check interval (HTTP mode only)

Admin options

Section titled “Admin options”
VariableDefaultDescription
YOLO_MODEfalseSkip destructive action confirmations (not recommended)

Example .env file

Section titled “Example .env file”
.env
# Required
GITLAB_URL=https://gitlab.example.com
GITLAB_TOKEN=glpat-xxxxxxxxxxxxxxxxxxxx


# Optional
GITLAB_SKIP_TLS_VERIFY=false
META_TOOLS=true
GITLAB_ENTERPRISE=false
GITLAB_READ_ONLY=false
GITLAB_SAFE_MODE=false
LOG_LEVEL=info


# Optional components
ENABLE_ANALYSIS_TOOLS=true
ENABLE_ELICITATION=true
ENABLE_RESOURCES=true
ENABLE_PROMPTS=true


# Auto-update
AUTO_UPDATE=true

Client configuration

Section titled “Client configuration”

Create .vscode/mcp.json in your workspace:

{
  "servers": {
    "gitlab": {
      "type": "stdio",
      "command": "/path/to/gitlab-mcp-server",
      "env": {
        "GITLAB_URL": "https://gitlab.example.com",
        "GITLAB_TOKEN": "glpat-xxxxxxxxxxxxxxxxxxxx"
      }
    }
  }
}

Secure token configuration using VS Code input variables:

{
  "inputs": [
    {
      "id": "gitlab-token",
      "type": "promptString",
      "description": "GitLab Personal Access Token",
      "password": true
    }
  ],
  "servers": {
    "gitlab": {
      "type": "stdio",
      "command": "/path/to/gitlab-mcp-server",
      "env": {
        "GITLAB_URL": "https://gitlab.example.com",
        "GITLAB_TOKEN": "${input:gitlab-token}"
      }
    }
  }
}

HTTP mode flags

Section titled “HTTP mode flags”

When running in HTTP mode (--http), configuration uses CLI flags instead of environment variables:

FlagDefaultDescription
--httpfalseEnable HTTP transport mode
--http-addr:8080Listen address and port
--gitlab-urlGitLab instance URL (required)
--skip-tls-verifyfalseSkip TLS verification
--meta-toolstrueEnable meta-tool mode
--enterprisefalseEnable Enterprise/Premium tools
--read-onlyfalseRead-only mode
--max-http-clients100Maximum concurrent client sessions
--session-timeout30mIdle session timeout
--auto-updatetrueAuto-update mode
--auto-update-repojmrplens/gitlab-mcp-serverGitHub release repository
--auto-update-interval1hPeriodic update check interval
--auth-modelegacyAuthentication mode: legacy or oauth
--oauth-cache-ttl15mOAuth token identity cache TTL (1m–2h)

General flags (both stdio and HTTP modes):

FlagDefaultDescription
--shutdownfalseTerminate all running instances and exit

Example:

Terminal window
./gitlab-mcp-server \
  --http \
  --http-addr=0.0.0.0:8080 \
  --gitlab-url=https://gitlab.example.com \
  --max-http-clients=200 \
  --session-timeout=1h

Configuration load order

Section titled “Configuration load order”

The server loads configuration in the following order (later sources override earlier ones):

  1. ~/.gitlab-mcp-server.env — User-level defaults (home directory)
  2. .env — Project-level configuration (current working directory)
  3. System environment variables — Exported variables in the shell
  4. CLI flags — Command-line arguments (highest priority)

Self-signed certificates

Section titled “Self-signed certificates”

For GitLab instances with self-signed TLS certificates:

Terminal window
GITLAB_SKIP_TLS_VERIFY=true

Read-only mode

Section titled “Read-only mode”

Enable GITLAB_READ_ONLY=true to restrict the server to read-only operations. All tools that create, update, or delete resources are disabled. This is useful for:

  • Audit and compliance environments
  • Shared servers where users should only query data
  • Tokens with read_api scope

Safe mode

Section titled “Safe mode”

Enable GITLAB_SAFE_MODE=true to intercept mutating tools and return a structured JSON preview of what would be executed, without actually performing the operation. Read-only tools work normally. This is useful for:

  • Reviewing operations before execution (dry-run)
  • Training environments where you want to see tool behavior
  • Debugging tool parameters without side effects