How to expose Gitlab Package Registry without access token?

Question

For access to gitlabs Package Registry, it requires the use of an access_token, like a private-token that is added to maven settings.xml. Otherwise the registry is not accessible.

https://docs.gitlab.com/ee/user/packages/package_registry/

<settings>
  <servers>
    <server>
      <id>gitlab-maven</id>
      <configuration>
        <httpHeaders>
          <property>
            <name>Private-Token</name>
            <value>PERSONAL_ACCESS_TOKEN</value>
          </property>
        </httpHeaders>
      </configuration>
    </server>
  </servers>
</settings>
               

Question: how can I expose the libraries inside the registry without authentication? Or better to say: every user in the company that has access to gitlab should be able to simply fetch the libraries without having to add any tokens to their maven configuration.

Is that possible at all?

Answer 1

New answer

Since GitLab 15.7, you can follow the section Allow anyone to pull from package registry in the documentation:

To allow anyone to pull from the package registry, regardless of project visibility:

1. On the left sidebar, select Search or go to and find your private or internal project.
2. Select Settings > General.
3. Expand Visibility, project features, permissions.
4. Turn on the Allow anyone to pull from Package Registry toggle. Select Save changes.

Anyone on the internet can access the package registry for the project.

Old answer

There is an open proposal to:

Add feature-specific controls for the GitLab Package and Registry, so that Admin have more flexibility and control in how they can share their project's resources.

but this is not yet implemented.

The package registry visibility permissions is then derived from the project visibility as defined in the documentation.

If you want to give access to the package registry without authentication, the only solution, for now, seems to have a public project with package registry enabled.