maddie
maddie

Reputation: 545

Cannot use `$$` character in GitLab environment variables

Cannot use $$ character in environment variables of GitLab CI.

I store my secrects in GitLab CI environment variables out of which one of my pass word string has $$ characters at the end (eg :Ab1ab$$). When i echo it out or use envsubst, the output will be Ab1ab$, stripping the extra $ on the end.

I tried using to surround the string in '',"" none of which helped. Saw some concerns on the gitlab community regarding the usage of $ character in the env variables, but could not find any workarounds for my exact problem.

https://gitlab.com/gitlab-org/gitlab-ce/issues/27436

export VAR= 'Ab1ab$$' echo $VAR=Ab1ab$

Upvotes: 6

Views: 5341

Answers (1)

mattbornski
mattbornski

Reputation: 12563

This is a pretty common problem with setting env variables in CI! I have encountered it numerous times with CircleCI as well. I have found great success with backslashes, typically, but I'm guessing you tried that already.

I found a thread discussing what I believe is likely a deeply related issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/27436

Key takeaway there is that at least in that version of the GitLab product they hadn't found a great answer yet. I decided to start doing some experimentation:

https://gitlab.com/mattbornski/gitlab-ci-exploration

I set up a whole bunch of environment variables in different formats to see which resulted in a dollar sign.

$ python3 audit_environment.py
DOLLA_DOUBLE_MIDSTRING = 1$234
DOLLA_QUAD_MIDSTRING = 1$$234
DOLLA_SINGLE_MIDSTRING_BACKSLASHED = 1\34
DOLLA_DOUBLE_MIDSTRING_BACKSLASHED = 1\\34
DOLLA_DOUBLE_MIDSTRING_LEADING_BACKSLASHED = 1\$234
DOLLA_QUAD_ENDSTRING = 1234$$
DOLLA_SINGLE_MIDSTRING_BACKSLASHED_DOUBLE_QUOTED = "1\34"
DOLLA_SINGLE_MIDSTRING_DOUBLE_QUOTED = "134"
DOLLA_SINGLE_MIDSTRING_BACKSLASHED_SINGLE_QUOTED = '1\34'
DOLLA_SINGLE_MIDSTRING = 134
Job succeeded

So, takeaway here:

  • Double dollar signs result in a single dollar sign appearing in the environment variable accessible to your code in GitLab CI. This can be repeated.
  • Quoting passes through but does not impact the expansion/elision of the dollar sign
  • Backslash passes through but does not impact the expansion/elision of the dollar sign

So your options look like:

  • Put four dollar signs in the var that you set so that you get two in the environment in which you run
  • Regenerate your keys so that they don't have problematic characters in them (a very real option that I have definitely availed myself of many times to avoid this rabbit hole)

For further exploration, here are a bunch more fun options to try: https://unix.stackexchange.com/a/309791

Upvotes: 1

Related Questions