Cannot use keyring tokens with glab v1.84.0 and later
Checklist
-
I'm using the latest version of the extension (Run
glab --version)- Extension version: 1.85.2
- Operating system and version: arch
- Gitlab.com or self-managed instance? both
- GitLab version (if self-managed) latest; 18.9.0-pre
-
I have performed
glab auth statusto check for authentication issues -
Run the command in debug mode (like
DEBUG=true glab mr list) and attach any useful output
Summary
Cannot use glab with token in keyring after v1.84.0.
Environment
- OS: arch
- SHELL: bash
- TERM: screen-256color
- GLAB: glab 1.85.2 ()
Other:
Steps to reproduce
Example with glab 1.83.0 working setup:
$ glab --version
glab 1.83.0 ()
$ DEBUG=1 GLAB_DEBUG_HTTP=1 glab issue list
[git remote -v]
[git config --get-regexp ^remote\..*\.glab-resolved$]
REQUEST:
GET /api/v4/projects/example%2Fdebug?license=true&with_custom_attributes=true HTTP/1.1
Host: gitlab.com
User-Agent: glab/v1.83.0 (linux, amd64)
Accept: application/json
Private-Token: [REDACTED]
Accept-Encoding: gzip
RESPONSE:
HTTP/2.0 200 OK
Cache-Control: max-age=0, private, must-revalidate
Cf-Cache-Status: MISS
Cf-Ray: 9cf372453849543e-TLL
Content-Security-Policy: default-src 'none'
Content-Type: application/json
Date: Tue, 17 Feb 2026 07:07:12 GMT
...glab config with token configured in keyring:
# What protocol to use when performing git operations. Supported values: ssh, https
git_protocol: ssh
# What editor glab should run when creating issues, merge requests, etc. This is a global config that cannot be overridden by hostname.
editor: nvim
# What browser glab should run when opening links. This is a global config that cannot be overridden by hostname.
browser: firefox
# Set your desired markdown renderer style. Available options are [dark, light, notty] or set a custom style. Refer to https://github.com/charmbracelet/glamour#styles
glamour_style: dark
# Allow glab to automatically check for updates and notify you when there are new updates
check_update: false
# Disable telemetry
telemetry: "false"
# configuration specific for gitlab instances
hosts:
gitlab.com:
user: <redacted>
api_host: gitlab.com
api_protocol: https
git_protocol: sshWhat is the current bug behavior?
$ glab --version
glab 1.84.0 ()
$ DEBUG=1 GLAB_DEBUG_HTTP=1 glab issue list
[git remote -v]
[git config --get-regexp ^remote\..*\.glab-resolved$]
REQUEST:
GET /api/v4/projects/example%2Fdebug/issues?in=title%2Cdescription&order_by=created_at&page=1&per_page=30&sort=desc&state=opened HTTP/1.1
Host: gitlab.com
User-Agent: glab/v1.84.0 (linux, amd64)
Accept: application/json
Job-Token: [REDACTED]
Accept-Encoding: gzip
RESPONSE:
HTTP/2.0 401 Unauthorized
Content-Length: 30
Cache-Control: no-cache
...
Content-Type: application/json
Date: Tue, 17 Feb 2026 07:11:55 GMT
Gitlab-Lb: haproxy-main-41-lb-gprd
Gitlab-Sv: api-gke-us-east1-c
Nel: {"max_age": 0}
Ratelimit-Limit: 500
Ratelimit-Name: throttle_unauthenticated_api
Ratelimit-Observed: 1
Ratelimit-Remaining: 499
Ratelimit-Reset: 1771312320
Referrer-Policy: strict-origin-when-cross-origin
Server: cloudflare
...
Vary: Origin, Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Gitlab-Meta: {"correlation_id":"9cf379300788542a-ATL","version":"1"}
X-Request-Id: 9cf379300788542a-ATL
X-Runtime: 0.069240
{"message":"401 Unauthorized"}
ERROR
Get https://gitlab.com/api/v4/projects/example%2Fdebug/issues: 401 {message: 401 Unauthorized}.Same error occurs if I use the following config and same token value in keyring as before upgrade to 1.84.0:
gitlab.com:
user: <redacted>
# token: # use keyring instead: glab auth login --hostname gitlab.com --use-keyring
api_host: gitlab.com
api_protocol: https
git_protocol: ssh
use_keyring: "true"Or even:
gitlab.com:
user: <redacted>
token: glpat-************
api_host: gitlab.com
api_protocol: https
git_protocol: ssh
use_keyring: "true"What is the expected correct behavior?
glab command requests should be authenticated.
Relevant logs and/or screenshots
Possible fixes
Edited by Anti Räis