From 4558bb1f4a4be88bd05f0de9826686a86d63acad Mon Sep 17 00:00:00 2001 From: Kamil Trzcinski Date: Tue, 9 Feb 2016 00:44:27 +0100 Subject: Filter out variables from production logs This prevents leakage of CI Secure Variables --- config/application.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/application.rb b/config/application.rb index d255ff0719f..33d7b881fa4 100644 --- a/config/application.rb +++ b/config/application.rb @@ -31,7 +31,7 @@ module Gitlab config.encoding = "utf-8" # Configure sensitive parameters which will be filtered from the log file. - config.filter_parameters.push(:password, :password_confirmation, :private_token, :otp_attempt) + config.filter_parameters.push(:password, :password_confirmation, :private_token, :otp_attempt, :variables) # Enable escaping HTML in JSON. config.active_support.escape_html_entities_in_json = true -- cgit v1.2.1 From 078ec5e414bde2d8014d40cd476917d75d4756ac Mon Sep 17 00:00:00 2001 From: Kamil Trzcinski Date: Tue, 9 Feb 2016 01:08:49 +0100 Subject: Add information about expose of build variables. --- app/views/projects/variables/show.html.haml | 4 +++- doc/ci/variables/README.md | 5 ++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/app/views/projects/variables/show.html.haml b/app/views/projects/variables/show.html.haml index e80dffc1ced..efe1e6f24c2 100644 --- a/app/views/projects/variables/show.html.haml +++ b/app/views/projects/variables/show.html.haml @@ -3,9 +3,11 @@ Secret Variables %p.light - These variables will be set to environment by the runner and will be hidden in the build log. + These variables will be set to environment by the runner. %br So you can use them for passwords, secret keys or whatever you want. + %br + The value of the variable can be visible in build log if explicitly asked to do so. %hr diff --git a/doc/ci/variables/README.md b/doc/ci/variables/README.md index 862cacda586..018d1898594 100644 --- a/doc/ci/variables/README.md 
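Review bot: The `config.filter_parameters.push(...)` line gains `:variables` with no comment on why it is there or what it matches, so a later cleanup could drop it and bring the values back into the log. Rails treats these entries as partial matches on the parameter name, so every parameter whose name contains `variables` is masked, not only the CI one. I would record that next to the list, e.g. `# :variables covers CI build variables; entries match any parameter name containing them`. The filter applies to request parameters logged by Rails; whether other sinks (API request logging, background job arguments, error reports) receive the same values is not visible in this hunk and should be checked separately. The `module Gitlab` block starts and ends outside the hunk.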
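Review bot: The new help text under `%p.light` withdraws the promise that values are hidden but gives the reader nothing to act on, while the README hunk of the same commit adds the advice that builds can be made private. The clause "if explicitly asked to do so" also leaves open who can ask; it presumably means anyone able to change the build script, which is worth stating outright. I would repeat the README sentence here, `%br` followed by `If your project is public or internal you can make the builds private.`, and consider replacing the vague clause with `The value can appear in the build log if a build script prints it.`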
+++ b/doc/ci/variables/README.md @@ -77,9 +77,12 @@ More information about Docker integration can be found in [Using Docker Images]( GitLab CI allows you to define per-project **Secure Variables** that are set in build environment. The secure variables are stored out of the repository (the `.gitlab-ci.yml`). -These variables are securely stored in GitLab CI database and are hidden in the build log. +The variables are securely passed to GitLab Runner and are available in build environment. It's desired method to use them for storing passwords, secret keys or whatever you want. +**The value of the variable can be shown in build log if explicitly asked to do so.** +If your project is public or internal you can make the builds private. + Secure Variables can added by going to `Project > Variables > Add Variable`. They will be available for all subsequent builds. -- cgit v1.2.1