Reputation: 2783
How to use protected variables in gitlab ci
The documentation on protected variables is pretty obscure. When I make a variable as protected I have to idea how to access it. No matter what I do it is always empty. I have tried base64 encoding it and then base64 encoding it again in the pipeline so I can see what it is and I get an empty string: Cg==. Can someone please explain how to use protected variables?
Upvotes: 9
Views: 14327
Answers (2)
Reputation: 661
As @secustor wrote, it is not possible to access protected variables from a branch or tag that is not protected. The variable would be empty if accessed.
From here, two options:
Push to a protected branch or tag (set the branch/tag protected in Settings > Repository)
Mark the variable as not protected (in Settings > CI/CD, under "Variables")
Again, as mentioned by @secustor, there is a good reason behind this logic. You might not want all the developers in your team to be able to access these variables.
Upvotes: 7
Reputation: 3489
Protected variables are only available if there is a job on a protected branch or tag.
The reasoning behind this is to allow setups which prevent right escalations. E.g. Credentials for the testing environment for Developers on all branches and deployable credentials only on master/release branches. To add code to the second you need Maintainer rights. In this example, without protected variables, anyone with Developer rights could print the deploy credentials in their branch.
Upvotes: 4
Related Questions
- Gitlab masking variables
- How to set gitlab-ci variables dynamically?
- Gitlab CI only variables that come from extends
- How to keep Gitlab variable masked even the value is changed?
- How should use variables?
- Keep gitlab CI/CD variables secret in public repository
- Is it safe to use GitLab CI «protected» variables for secrets?
- How to use protected enviroment variables from gitlab CI/CD inside serverless script?
- Gitlab-CI custom variable
- Gitlab CI: Set dynamic variables