Implement yaml specification of gitlab pipeline environment variables
Problem to solve
Current CI/CD environment variable specification is at least cumbersome. When dealing with large project with many secret variables it does not allow easy management nor display (especially if the names or content contain many characters or multiple lines).
Intended users
Operations, DevOps, Release managers
Further details
This proposal aims to solve the shortcomings of current CI/CD secret variables management, mainly to allow better visualization and easy input while preserving current security. Also it will allow management of CI/CD variable as a code in separate repository
Proposal
I propose to make special web form and allow users to put yaml specification of all variables in the following form there.
variables:
- name: ENV_VAR_1
type: file # optional, defaults to variable
value: VALUE_OF_ENV_VAR_1
masked: true # optional, defaults to false
protected: true # optional, defaults to false
- name: ENV_VAR_2
value: VALUE_OF_ENV_VAR_2
The form should be accessible from project/settings/CI/CD page and if displayed it should display the yaml with overridden values. After clicking inside the form, the original yaml file should be displayed so the edits are allowed.
Permissions and Security
To access the this functionality, user must have sufficient privileges (in current state that means being maintainer or owner)
Testing
In case the variables are saved into database (and I do not know enough about gitlab to be certain about this) yaml procesing on the server side needs to be implemented to allow this feature
What does success look like, and how can we measure that?
- Quick and easy variable specification. This can be measured by time difference between specification of variables the old way and new way
- Management of variables as a code.