Reputation: 13578
How to Setup GitLab Environment Variables in a safe way?
I don't wan't to put sensitive Credentials (Like API keys, passwords etc) into my branch. For this, GitLab (and other CI/CD-Services) are able to set Environment-Variables. They will be injected into the script during deployment process.
I know about two ways for GitLab to set them:
- Via UI:
Project⇒Settings⇒CI/CD⇒Variables - Via
.gitlab-ci.yml
As in my opinion the first way is the secure one, because no files with credentials are saved in the git repo but it's also the more complicated way because I have to set each single variable by hand via GitLab-GUI.
With the second way, the issue is that .gitlab-ci.yml is saved into the gitlab repo so that the credentials are not secure.
Question: Is there a way to define the ENV-Vars in a file and provide it to GitLab, without putting them into the branch? Or is there another way to create those ENV-Vars easily and securely in GitLab?
Upvotes: 5
Views: 6421
Answers (2)
Reputation: 13578
Thanks makozaki, that was a good hint, but there are some special requirements:
First go to your Project ⇒ Settings ⇒ CI/CD ⇒ Variables and add them like this:
The Key will be turned in a File-Name and the values you entered will be as Data inside this File.
In the Job-Logs of the CI-Process it provides the full Path to your new generated File... it looks like this:
ENV_PRODUCTION: '/builds/yourProjectGroup/gatsby_netlifycms_starter.tmp/ENV_PRODUCTION',
Notice
you can't choose the easy way and name it
.env.productionto use it withdotenvBecause the Key-Field don't allow special-characters like.,
Now as you got the File with all your config-values, you can easily implement it in your Application (e.g. with dotenv).
For my Gatsby implementation it looks like this.
require("dotenv").config({
path: process.env.ENV_PRODUCTION ? process.env.ENV_PRODUCTION : `.env.${process.env.NODE_ENV}`,
})
const config = require('gatsby-plugin-config').default;
What's happening here? The dotenv.config() is checking, if your self-created ENV_PRODUCTION exists... if yes, it will be used. Else it will use the general .env.<yourNodeEnviroment> one.
So with the above given Values in ENV_PRODUCTION, you are able to access FIRST_VALUE within your Application.
This way it's easy to have an .env.development for running your application ot local machine, and using ENV_PRODUCTION env from Gitlab on production.
Upvotes: 3
Reputation: 4366
Is there a way to define the ENV-Vars in a File?
Yes, in UI settings you mentioned you can specify variables type to be variable (key:value) or file (in Key will be passed path to secret file with content from value input).
So file variable seems like what you are looking for.
Readme and docs provide good description for variables. Personally I find very useful other options: variable masking and protected state.
Upvotes: 2
Related Questions
- Setting environment variable in gitlab-ci.yml script
- Exporting environment variables from one stage to the next in GitLab CI
- how to dump gitlab ci environment variables to file
- Gitlab CI/CD: Setup variables relating to environment
- User defined variables in Gitlab CI environment URL empty
- Global environment variables for gitlab CI runner
- How to set up files as env vars in GitLab?
- Gitlab CI use export variable
- Define Gitlab environment
- How to define the environment variable in environments url [Gitlab CI]