Secrets Management Category Update

Jackie Porter requested to merge secretsmanagement-update into master

Question raised

How do we comprehensively manage all the ways customers use GitLab to manage credentials, secrets, tokens and variables consistently in GitLab?

What does this impact?

  • ~"ci::variables"
  • ~"deploy keys"
  • ~"ci::tokens"

How does this impact prioritization?

We would have a greater reach into the software development lifecycle with Variables in CI, therefore we'd likely invest more in improving the Secrets management strategy and enabling $CI_JOB_TOKEN for pipeline permissions: gitlab-org&3559. I could also see a deeper investment in the settings for variables to make it easier to inherit and control permissions across pipelines along the path to production.

Proposal

Secrets Management is currently only defined by the HashiCorp Vault integration at GitLab. However, a large piece of securely and safely deploying (a core tenet of Release Management) is how users lock down the path to production. There is also a significant overlap between ci::variables and how they programmatically assign permissions to environments (which are in Release Orchestration). This merge request will move the following feature_labels to the Secrets Management Category:

  • ci::variables
  • ci::tokens
  • deploy keys

This change will streamline the approach of our Secrets Management Strategy, consolidating secure deployment concepts under Release Management.

Approvals

Merge requests with changes to stages and groups and significant changes to categories need to be created, approved, and/or merged by each of the below:

  • EVP of Product Management @sfwgitlab
  • VP of Product @adawar
  • The Product Director relevant to the stage group(s) @kencjohnston
  • The Engineering Director relevant to the stage group(s) @dcroft
  • Director of Product Design @vkarnes
  • CEO

The following people need to be on the merge request so they stay informed:

  • EVP of Engineering @edjdev
  • Vice President of Development @clefelhocz1
  • Director of Quality @meks
  • Vice President of User Experience @clenneville
  • The Product Marketing Manager relevant to the stage group(s) @parker_ennis
Edited by Sid Sijbrandij
