Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
cfb35cd7
Commit
cfb35cd7
authored
Dec 05, 2016
by
Achilleas Pipinellis
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
It's secret variables, not secure
[ci skip]
parent
4099b560
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
11 additions
and
11 deletions
+11
-11
doc/ci/variables/README.md
doc/ci/variables/README.md
+11
-11
No files found.
doc/ci/variables/README.md
View file @
cfb35cd7
...
@@ -10,15 +10,15 @@ The variables can be overwritten and they take precedence over each other in
...
@@ -10,15 +10,15 @@ The variables can be overwritten and they take precedence over each other in
this order:
this order:
1.
[
Trigger variables
][
triggers
]
(take precedence over all)
1.
[
Trigger variables
][
triggers
]
(take precedence over all)
1.
[
Sec
ure variables
](
#secure
-variables
)
1.
[
Sec
ret variables
](
#secret
-variables
)
1.
YAML-defined
[
job-level variables
](
../yaml/README.md#job-variables
)
1.
YAML-defined
[
job-level variables
](
../yaml/README.md#job-variables
)
1.
YAML-defined
[
global variables
](
../yaml/README.md#variables
)
1.
YAML-defined
[
global variables
](
../yaml/README.md#variables
)
1.
[
Predefined variables
](
#predefined-variables-environment-variables
)
(
are
the
1.
[
Predefined variables
](
#predefined-variables-environment-variables
)
(
are
the
lowest in the chain)
lowest in the chain)
For example, if you define
`API_TOKEN=secure`
as a sec
ure
variable and
For example, if you define
`API_TOKEN=secure`
as a sec
ret
variable and
`API_TOKEN=yaml`
in your
`.gitlab-ci.yml`
, the
`API_TOKEN`
will take the value
`API_TOKEN=yaml`
in your
`.gitlab-ci.yml`
, the
`API_TOKEN`
will take the value
`secure`
as the sec
ure
variables are higher in the chain.
`secure`
as the sec
ret
variables are higher in the chain.
## Predefined variables (Environment variables)
## Predefined variables (Environment variables)
...
@@ -124,23 +124,23 @@ job_name:
...
@@ -124,23 +124,23 @@ job_name:
variables
:
[]
variables
:
[]
```
```
## Sec
ure
variables
## Sec
ret
variables
>**Notes:**
>**Notes:**
-
This feature requires GitLab Runner 0.4.0 or higher.
-
This feature requires GitLab Runner 0.4.0 or higher.
-
Be aware that sec
ure
variables are not masked, and their values can be shown
-
Be aware that sec
ret
variables are not masked, and their values can be shown
in the build logs if explicitly asked to do so. If your project is public or
in the build logs if explicitly asked to do so. If your project is public or
internal, you can set the pipelines private from your project's Pipelines
internal, you can set the pipelines private from your project's Pipelines
settings. Follow the discussion in issue
[
#13784
][
ce-13784
]
for masking the
settings. Follow the discussion in issue
[
#13784
][
ce-13784
]
for masking the
sec
ure
variables.
sec
ret
variables.
GitLab CI allows you to define per-project
**
Secure
variables**
that are set in
GitLab CI allows you to define per-project
**
secret
variables**
that are set in
the build environment. The sec
ure
variables are stored out of the repository
the build environment. The sec
ret
variables are stored out of the repository
(
`.gitlab-ci.yml`
) and are securely passed to GitLab Runner making them
(
`.gitlab-ci.yml`
) and are securely passed to GitLab Runner making them
available in the build environment. It's the recommended method to use for
available in the build environment. It's the recommended method to use for
storing things like passwords, secret keys and credentials.
storing things like passwords, secret keys and credentials.
Sec
ure
variables can be added by going to your project's
Sec
ret
variables can be added by going to your project's
**Settings ➔ Variables ➔ Add variable**
.
**Settings ➔ Variables ➔ Add variable**
.
Once you set them, they will be available for all subsequent builds.
Once you set them, they will be available for all subsequent builds.
...
@@ -150,7 +150,7 @@ Once you set them, they will be available for all subsequent builds.
...
@@ -150,7 +150,7 @@ Once you set them, they will be available for all subsequent builds.
> Introduced in GitLab Runner 1.7.
> Introduced in GitLab Runner 1.7.
>
>
> **WARNING:** Enabling debug tracing can have severe security implications. The
> **WARNING:** Enabling debug tracing can have severe security implications. The
output
**will**
contain the content of all your sec
ure
variables and any other
output
**will**
contain the content of all your sec
ret
variables and any other
secrets! The output
**will**
be uploaded to the GitLab server and made visible
secrets! The output
**will**
be uploaded to the GitLab server and made visible
in build traces!
in build traces!
...
@@ -311,7 +311,7 @@ job_name:
...
@@ -311,7 +311,7 @@ job_name:
```
```
You can also list all environment variables with the
`export`
command,
You can also list all environment variables with the
`export`
command,
but be aware that this will also expose the values of all the sec
ure
variables
but be aware that this will also expose the values of all the sec
ret
variables
you set, in the build log:
you set, in the build log:
```
```
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment