Stored securely in the GitLab server
Injected into jobs at runtime
Available in project-, group- and instance-level
Careful with protected variables
AUTHOR
and set to a value of your choiceUpdate build command and add AUTHOR
:
build:
script: |
- go build \
-ldflags "-X main.Version=${CI_COMMIT_REF_NAME}
-X 'main.Author=${AUTHOR}'" \
-o hello \
.
Fetch change:
git checkout 160_gitlab_ci/020_variables/ci -- '*'
Many values are rejected by GitLab
Store base64-encoded values
Decode values before use:
job_name:
script:
- echo "$( echo "${MASKED_VAR}" | base64 -d )"
Careful! Original value will not be masked!
Prevent project maintainers/owners to read masked CI variables:
But masked values can always be leaked through a pipeline:
job_name:
script:
- echo "${MASKED_VAR}" | base64