GitLab CI Integration

Secure your GitLab CI/CD pipelines with credential-free authentication, just-in-time access to infrastructure, and comprehensive deployment audit trails.

Features

Secure CI/CD with Zero Static Credentials

Integrate TigerAccess with GitLab CI for keyless authentication and context-aware access control.

OIDC Authentication

Keyless authentication using GitLab CI OIDC tokens for secure, credential-free pipeline access.

Job Token Integration

Leverage GitLab job tokens for automatic authentication and authorization in CI/CD pipelines.

Pipeline Access Control

Grant just-in-time access to infrastructure resources based on pipeline context and branch protection.

Deployment Tracking

Comprehensive audit trails for all deployments with automatic recording and environment tracking.

Capabilities

Enterprise-Grade Pipeline Security

OIDC token authentication
Job token validation
CI/CD variables injection
Protected branch enforcement
Environment-based access
Pipeline trigger integration
Runner registration
Auto DevOps support
Deployment gate controls
Secrets management
Audit log streaming
Multi-project pipelines

Setup

Get Started in Minutes

Follow these simple steps to integrate TigerAccess with your GitLab CI/CD pipelines.

1. Configure OIDC in TigerAccess

Set up GitLab as an OIDC provider in TigerAccess to enable automatic authentication from CI/CD pipelines.

tacctl integrations add gitlab-oidc \
  --issuer-url=https://gitlab.com \
  --audience=https://tigeraccess.example.com \
  --allowed-projects=myorg/myproject \
  --allowed-branches=main,production

2. Add Pipeline Configuration

Update your .gitlab-ci.yml to authenticate with TigerAccess using the GitLab CI OIDC token.

deploy:
  stage: deploy
  id_tokens:
    TIGERACCESS_TOKEN:
      aud: https://tigeraccess.example.com
  script:
    - tac login --oidc-token=$TIGERACCESS_TOKEN
    - tac ssh deploy@production "kubectl apply -f k8s/"
    - tac db exec postgres-prod < migrations/latest.sql
  environment:
    name: production
  only:
    - main

3. Verify Access

Run your pipeline and verify that TigerAccess grants access based on the claims in the job's OIDC ID token and the configured policies.

# Pipeline logs will show:
# [TigerAccess] Authenticated via GitLab OIDC
# [TigerAccess] Project: myorg/myproject
# [TigerAccess] Branch: main
# [TigerAccess] User: [email protected]
# [TigerAccess] Granted access to: production-servers
# [TigerAccess] Session recorded: session-abc123

Use Cases

Real-World Pipeline Scenarios

Secure Production Deployments

Enable production deployments from GitLab CI with automatic authentication, requiring no static credentials. Use protected branches and environment gates for additional security.

Database Migration Pipelines

Run database migrations from CI/CD pipelines with just-in-time database access, session recording, and automatic credential rotation.

Infrastructure as Code

Deploy Terraform or Ansible from GitLab CI with temporary cloud credentials and infrastructure access scoped to specific pipelines and branches.

Compliance Automation

Automatically audit all pipeline executions with comprehensive logs including job context, branch, commit SHA, and user identity for SOC 2 and ISO 27001 compliance.

FAQ

Frequently Asked Questions

How does TigerAccess integrate with GitLab CI OIDC?

TigerAccess acts as an OIDC relying party for GitLab CI. Pipelines generate short-lived ID tokens containing job metadata (project, branch, user, ref). TigerAccess validates these tokens and grants access based on configured policies without requiring static credentials.

Can I restrict access based on GitLab branch or environment?

Yes. TigerAccess policies can check the branch name, environment, project path, and other claims from the GitLab OIDC token. For example, you can allow production access only from the main branch or specific protected branches.
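
The claim checks described in the two answers above, sketched as an added example (this is not TigerAccess code and not part of the original page). It assumes the token's signature was already verified against the GitLab issuer's JWKS; the policy field names are hypothetical stand-ins for the tacctl flags in step 1, and the sample claims are constructed.

```python
import time

# Hypothetical policy mirroring the tacctl flags from step 1 (field names are assumptions).
POLICY = {
    "issuer": "https://gitlab.com",
    "audience": "https://tigeraccess.example.com",
    "allowed_projects": {"myorg/myproject"},
    "allowed_branches": {"main", "production"},
    "require_protected_ref": True,
}

def evaluate_claims(claims, policy, now=None, leeway=30):
    """Return (allowed, reason) for the claims of a GitLab CI ID token whose
    signature has ALREADY been verified against the issuer's JWKS."""
    now = time.time() if now is None else now
    if claims.get("iss") != policy["issuer"]:
        return False, "issuer mismatch"
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if policy["audience"] not in audiences:
        return False, "audience mismatch"
    exp, nbf = claims.get("exp"), claims.get("nbf", 0)
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        return False, "token expired"
    if not isinstance(nbf, (int, float)) or now + leeway < nbf:
        return False, "token not yet valid"
    if claims.get("project_path") not in policy["allowed_projects"]:
        return False, "project not allowed"
    # A tag can carry the same name as a branch, so check the ref type as well.
    if claims.get("ref_type") != "branch":
        return False, "ref is not a branch"
    if claims.get("ref") not in policy["allowed_branches"]:
        return False, "branch not allowed"
    # GitLab's documented token example shows this claim as the string "true";
    # a JSON boolean is accepted here too.
    if policy["require_protected_ref"] and claims.get("ref_protected") not in (True, "true"):
        return False, "ref is not protected"
    return True, "ok"

# Constructed sample claims (not captured from a real pipeline).
SAMPLE = {
    "iss": "https://gitlab.com",
    "aud": "https://tigeraccess.example.com",
    "sub": "project_path:myorg/myproject:ref_type:branch:ref:main",
    "project_path": "myorg/myproject",
    "ref": "main", "ref_type": "branch", "ref_protected": "true",
    "nbf": 1_700_000_000, "exp": 1_700_003_600,
}

if __name__ == "__main__":
    print(evaluate_claims(SAMPLE, POLICY, now=1_700_000_100))
```

Matching on the ref name alone would also accept a tag called main or an unprotected branch, which is why ref_type and ref_protected are checked alongside ref and project_path.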

Do I need to store credentials in GitLab CI variables?

No. With OIDC integration, pipelines authenticate using ephemeral tokens generated automatically by GitLab CI. TigerAccess validates these tokens and issues short-lived certificates, eliminating the need to store static credentials.

Are pipeline executions audited?

Yes. Every pipeline execution that accesses resources through TigerAccess is fully audited with context including the GitLab project, branch, commit SHA, user who triggered the pipeline, job name, and all commands executed.

Can I use TigerAccess with GitLab self-managed instances?

Yes. TigerAccess supports both GitLab.com and self-managed GitLab instances. Configure the OIDC issuer URL to point to your GitLab instance, and ensure TigerAccess can reach the OIDC discovery endpoint.
