R13mus

Reputation: 846

Unmask inherited masked GitLab CI/CD variable

Does anyone know how to get the value of a [MASKED] variable in GitLab in one project which inherits this [MASKED] variable from another parent project where I don't have access?

Running the .gitlab-ci.yaml in the CI/CD pipelines in GitLab gives me:

...
$ echo $ENV / $VERSION / $LEANIX_SERVICE_URL 
development / 1.1.0 / [MASKED]
... 

The settings of the project can be seen in the following screenshot: project CICD variables screen

Upvotes: 3

Views: 9074

Answers (2)

R13mus

Reputation: 846

I found out how to expose the content of this variable. This is the modified content of my ".gitlab-ci.yml" file.

Solution

image: mcr.microsoft.com/dotnet/sdk

stages:
  - dotnet
  - leanix

...

leanix_sync:
  stage: leanix
  variables:
    ENV: "development"
  rules:
    - if: '$CI_COMMIT_BRANCH == "develop"'
      variables:                              
        ENV: "development" 
    ...
  before_script:
    - apt update && apt -y install jq
    - apt-get install -y libxml2-utils  
  script:
    - IFS='/' read -r -a FILES <<< "$LEANIX_SERVICE_URL"
    - echo ${FILES[*]}

The idea is to split the initial string on a character that I am sure I will find inside it, like '/', then put the output into an array and obtain the following:

$ IFS='/' read -r -a FILES <<< "$LEANIX_SERVICE_URL"
$ echo ${FILES[*]}
...leanix.net services

Not working

(Actually works, it just gives out an encoded string)

What I tried that did not work: as indicated by @sytech, I tried adding the following to my .gitlab-ci.yml.

First try:

Editing .gitlab-ci.yml:

image: mcr.microsoft.com/dotnet/sdk

stages:
  - dotnet
  - secrets
  - leanix

dotnet_sync:
  stage: dotnet
  before_script:
    - export dotn=test1
  script:
    - echo $dotn

expose_secrets:
  stage: secrets
  script:
    - echo $LEANIX_SERVICE_URL | base64
...

Gives the following encrypted output:

360cf9253862953e065035c ...
$ echo $LEANIX_SERVICE_URL | base64
aHR0cHMGLY91dSOOLmxlYWSpeC5uZXQvc2VydmljZXHK
Cleaning up file based variables
Job succeeded

Second try:

Editing .gitlab-ci.yml:

leanix_sync:
  stage: leanix
  variables:
    ENV: "development"
  rules:
    - if: '$CI_COMMIT_BRANCH == "develop"'
      variables:                              
        ENV: "development" 
  before_script:
    - apt update && apt -y install jq
    - apt-get install -y libxml2-utils  
  script:
    - echo $LEANIX_SERVICE_URL | base64 
    - cat packages.config
...
$ echo $LEANIX_SERVICE_URL | base64
aHR0cHMGLY91dSOOLmxlYWSpeC5uZXQvc2VydmljZXHK
$ cat packages.config
<?xml version="1.0" encoding="utf-8"?>
<packages>

Upvotes: 1

sytech

Reputation: 40871

You need to have maintainer or higher privileges on the Biz-IT group (the group from which that variable is inherited) in order to see the value of the inherited variable. The hyperlink of the group name from your project CI/CD variables settings will take you to the CI/CD settings page for the Biz-IT group, if you have permissions to it. From that page, if you have permission, you can reveal the value.

While it is possible to expose the value in your job (see this answer) it's not a particularly good idea. The variable is probably masked for a reason -- because the person who created it doesn't want it exposed in job logs. You should strongly consider contacting an administrator or someone in that group with sufficient permissions if possible.

Upvotes: 2
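
A review-time check for group owners, added here as an example that is not part of any post on this page: it scans `.gitlab-ci.yml` text for script lines that pipe or split a masked variable, the two patterns shown in the answers, since masking only hides the exact value in the job log. The function name, the sample config (constructed from the jobs above) and the caller-supplied list of masked variable names are assumptions.

```python
import re

# Constructed sample: script lines modelled on the jobs shown on this page.
SAMPLE_CI = """\
expose_secrets:
  stage: secrets
  script:
    - echo $LEANIX_SERVICE_URL | base64
leanix_sync:
  stage: leanix
  script:
    - IFS='/' read -r -a FILES <<< "$LEANIX_SERVICE_URL"
    - echo ${FILES[*]}
    - curl -s "$LEANIX_SERVICE_URL/health"
"""

def find_masked_var_transforms(ci_text, masked_vars):
    """Return (line_no, variable, reason) for script lines that re-encode or
    split a masked variable, so the job log would no longer match the mask."""
    findings = []
    for line_no, line in enumerate(ci_text.splitlines(), start=1):
        item = re.match(r"\s*-\s+(.*)", line)
        if not item:
            continue  # only YAML list items (script lines) are inspected
        cmd = item.group(1)
        for var in masked_vars:
            # matches $VAR and ${VAR...}, but not a longer name sharing the prefix
            ref = r"\$\{?" + re.escape(var) + r"\b"
            if re.search(r"\b(?:echo|printf)\b[^|]*" + ref + r"[^|]*\|", cmd):
                findings.append((line_no, var, "printed into a pipe"))
            elif re.search(r'\bread\b.*<<<\s*"?' + ref, cmd):
                findings.append((line_no, var, "split with read from a here-string"))
    return findings

if __name__ == "__main__":
    for hit in find_masked_var_transforms(SAMPLE_CI, ["LEANIX_SERVICE_URL"]):
        print("line %d: $%s %s" % hit)
```

Ordinary use of the variable, such as the `curl` line in the sample, is not reported; a hit is a prompt for manual review of the merge request, not proof of intent.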
