Secure Files (experimental)


Secure Files (experimental)

Secure files are encrypted at rest

Each secure file is encrypted with a unique key…

…and a SHA256 hash is stored in the database

Up to 100 files and up to 5MB per file

Binary files are supported

Stored outside the repository and are not version controlled

Upload

Either through the UI

Or through the API

The Developer role is required to access secure files


Secure Files (experimental)

Use secure files

Downloading secure files in a pipeline requires a binary

Environment variable SECURE_FILES_DOWNLOAD_PATH defines where files should be downloaded to

test:
  variables:
    SECURE_FILES_DOWNLOAD_PATH: './where/files/should/go/'
  script: |
    curl \
        --silent \
        --url "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" \
    | bash

Hands-On

See chapter Secure Files