Last updated: February 2026
GitKraken provides centralized security settings to help your organization control data-sharing features, enforce compliance, and manage where Git patches are stored.
Quick Start
GitKraken.dev security controls allow organization administrators to manage AI feature access and configure Cloud Patch storage across all GitKraken products.
To manage AI features and provider access:
- Sign in at gitkraken.dev as an Owner, Admin, or Billing Contact.
- Navigate to Settings > Security Controls > AI Features to enable or disable GitKraken AI features for all organization members. Requires an Advanced or higher plan.
- To restrict which AI providers are permitted, go to Settings > Security Controls > Enforce AI providers (Business+ plans required).
- Enable the toggle, then configure each provider: allow it, block it, or enforce a specific API key and endpoint URL.
To self-host Cloud Patches on your own AWS S3 bucket:
- Create an S3 bucket and apply the GitKraken-supplied bucket policy.
- Enter your bucket name, access key ID, secret access key, and AWS region under Settings > Security Controls > Cloud Patches.
- Test the connection and save.
GitKraken AI Features
GitKraken AI features can suggest code or perform smart actions to improve your workflow. These features may require sending code snippets to GitKraken AI or third-party providers.
If these features don’t align with your organization’s security policies, you can control access across your organization.
Manage AI Feature Access
To enable or disable GitKraken AI features for all organization members:
- Go to Settings > Security Controls > AI Features
- Requires owner, admin, or billing contact
- Available on Advanced+ plans
Enforce AI Providers
Organizations on the Business+ plans can enforce restrictions on which AI providers are allowed across GitKraken products. This ensures compliance with your data policies.
To configure provider-level controls:
- Go to Settings > Security Controls > Enforce AI providers.
- Enable the toggle to display supported providers.
- For each provider, you can:
- Enable: Allow team members to use the provider’s models.
- Disable: Block the provider completely.
For the following marked* providers, you can also:
- Set an API Key: Enforce the use of your key.
- Add a Custom URL (requires a key): Restrict access to a specific endpoint.
Supported providers include:
- Anthropic*
- Azure*
- DeepSeek
- GitHub Copilot
- GitKraken AI
- Google*
- Hugging Face*
- Mistral*
- Ollama*
- OpenAI*
- OpenAI compatible*
- OpenRouter
- xAI
Providers marked with an asterisk (*) support setting a custom API key and URL.
These settings apply across all GitKraken products used by your organization.
Cloud Patches
Allow developers in your organization to create Cloud Patches that can be shared with others. Cloud Patches are encrypted Git patch files that GitKraken can store in GitKraken-managed or customer-managed storage.
If your company policies require internal storage, you can set up self-hosted Cloud Patches using your own AWS S3 bucket.
If this setup is not feasible, please contact our customer success team.
Self-Host Cloud Patches with AWS S3
Configure your GitKraken organization to store Cloud Patches on your own infrastructure.
Requirements
- An AWS account with S3 access
- Admin permissions to apply bucket policies
- GitKraken Pro or Enterprise plan
Setup Steps
- Create an S3 bucket and give it a meaningful name (e.g.,
gitkraken-cloud-patches). - Apply the GitKraken-supplied bucket policy using the UI template.
- Enter your AWS credentials into GitKraken:
- Bucket name
- Access key ID
- Secret access key
- AWS region
- Test the connection and save your configuration.
GitKraken encrypts all Cloud Patches, even when self-hosted. Only users with access to the patch link and repository permissions can view contents.
