Provide obfuscated variant of $CI_ENVIRONMENT_SLUG for review apps url
We started using GitLab Review Apps and they are pretty awesome.
We currently use $CI_ENVIRONMENT_SLUG to generate unique URL for every environment. During the deployment, we also create a new Kubernetes namespace for every environment and request a wildcard TLS certificate for every namespace from Let's Encrypt.
This causes every domain (every branch name) to be listed in the certificate transparency logs which is not ideal as the branch names can be very descriptive and reveal too much information.
I tried to use dynamic variables to do something like:
CI_ENVIRONMENT_HASH: `echo $CI_ENVIRONMENT_SLUG | sha1sum`
but it does not seem to be possible according to https://gitlab.com/gitlab-org/gitlab-ce/issues/27921
I wonder if it would be possible to add an extra variable that is derived from the branch name but does not reveal its name?