Protected tags (FREE)

Introduced in GitLab 9.1.

Protected tags:

  • Allow control over who has permission to create tags.
  • Prevent accidental update or deletion once created.

Each rule allows you to match either:

  • An individual tag name.
  • Wildcards to control multiple tags at once.

This feature evolved out of protected branches

Who can modify a protected tag

By default:

  • To create tags, you must have the Maintainer role.
  • No one can update or delete tags.

Configuring protected tags

To protect a tag, you need to have at least the Maintainer role.

  1. Go to the project's Settings > Repository.

  2. From the Tag dropdown menu, select the tag you want to protect or type and click Create wildcard. In the screenshot below, we chose to protect all tags matching v*:

    Protected tags page

  3. From the Allowed to create dropdown, select users with permission to create matching tags, and click Protect:

    Allowed to create tags dropdown

  4. After done, the protected tag displays in the Protected tags list:

    Protected tags list

Wildcard protected tags

You can specify a wildcard protected tag, which protects all tags matching the wildcard. For example:

Wildcard Protected Tag Matching Tags
v* v1.0.0, version-9.1
*-deploy march-deploy, 1.0-deploy
*gitlab* gitlab, gitlab/v1
* v1.0.1rc2, accidental-tag

Two different wildcards can potentially match the same tag. For example, *-stable and production-* would both match a production-stable tag. In that case, if any of these protected tags have a setting like Allowed to create, then production-stable also inherit this setting.

If you click on a protected tag's name, GitLab displays a list of all matching tags:

Protected tag matches