• Tomasz Maczukin's avatar
    Add support for dot (.) in variables masking · 6db05b3e
    Tomasz Maczukin authored
    The CI/CD Variables masking mechanism supports a limited number of
    characters that can be masked. One of the currently unsuported ones
    is the dot (.) character.
    
    This makes it unusable for example for JWT tokens in
    https://gitlab.com/gitlab-org/gitlab/issues/37469.
    
    The current limitation is mostly required to prevent usage
    of characters, that can be used in shell variables expansion, which
    would make the final masking pattern unpredictable. With the Raw
    Variables feature (that is under development) the restrictions could be
    possibly reduced a little. However for now, we're needing them.
    
    However, it seems that the dot (.) usage should not generate the problem
    and it would improve the security of JSON Web Tokens passed to the CI/CD
    job with the Variables.
    6db05b3e
maskable_spec.rb 2.21 KB