Skip to content
Latchkey

GitLab CI "Uploading artifacts ... 401 Unauthorized"

The script succeeded, but the artifact upload was rejected with 401. The job token the runner used to authenticate to the coordinator was invalid or had already expired.

What this error means

The "Uploading artifacts" step fails with "401 Unauthorized" or "403 Forbidden" from the coordinator, marking an otherwise-green job as failed. It often coincides with a very long job whose token expired.

gitlab-ci
Uploading artifacts...
WARNING: Uploading artifacts as "archive" to coordinator... 401 Unauthorized
FATAL: invalid argument                              id=1234 token=xxxxx

Common causes

Job token expired before upload

The CI job token is valid only while the job runs. A job that ran past the token lifetime before uploading is rejected with 401.

Clock skew or coordinator trust issue

A runner whose clock is far off, or one talking to a coordinator URL it is not authorized against, can have its token rejected at upload time.

How to fix it

Shorten time-to-upload on long jobs

  1. Reduce job wall time so the upload happens well within the token lifetime.
  2. Split very long jobs so each finishes and uploads promptly.
  3. Retry the job; a fresh token usually uploads successfully.

Fix runner clock and coordinator URL

Runner host
sudo timedatectl set-ntp true   # keep the runner clock synced
gitlab-runner verify             # confirm registration/URL

How to prevent it

  • Keep runner clocks synced via NTP.
  • Avoid jobs whose runtime approaches the token lifetime.
  • Monitor for repeated 401s as a sign of a misconfigured coordinator URL.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →