Secure files are encrypted at rest
Each secure file is encrypted with a unique key…
…and a SHA256 hash is stored in the database
Up to 100 files and up to 5MB per file
Binary files are supported
Stored outside the repository and are not version controlled
The Developer role is required to access secure files
Downloading secure files in a pipeline requires a binary
Environment variable SECURE_FILES_DOWNLOAD_PATH
defines where files should be downloaded to
test:
variables:
SECURE_FILES_DOWNLOAD_PATH: './where/files/should/go/'
script: |
curl \
--silent \
--url "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" \
| bash
See chapter Secure Files