Read S3 Credentials from the environment variables

Release notes

AWS S3 Cache credentials can be read from the environment using the same variables in the registration step (CACHE_S3_ACCESS_KEY and CACHE_S3_SECRET_KEY).

Problem to solve

The environment variables CACHE_S3_ACCESS_KEY and CACHE_S3_SECRET_KEY are only used when registering the runner, not during normal operations. After registration you need to add the AWS Credentials to the config.toml file, which means if you have the runner's configuration checked into Git you'll be checking in secrets.

This provides an alternative to having to rely on using the AWS IAM Instance Profile of the machine the GitLab Runner is deployed on while still keeping the behaviour when registering a runner.

Intended users

User experience goal

Devon/Sidney should be able to configure the GitLab Runner to use AWS S3's cache without relying on registration or the AWS IAM Instance Profile.

Proposal

Further details

Permissions and Security

Documentation

Availability & Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Core

Is this a cross-stage feature?

No

Links / references

Edited by Ben Bodenmiller
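
For the problem this issue describes (AWS credentials ending up in a config.toml that is checked into Git), a pre-commit style check can flag non-empty credentials before they are committed. This is an added example, not code from the issue or from GitLab Runner; it assumes the credentials sit in the `AccessKey` and `SecretKey` keys of the `[runners.cache.s3]` table, uses a line-based scan rather than a full TOML parser, and runs on a constructed sample when no file is given.

```python
import re
import sys
from pathlib import Path

SECRET_KEYS = {"AccessKey", "SecretKey"}  # long-lived AWS credentials
TABLE_RE = re.compile(r"^\s*(\[\[?)\s*([^\]]+?)\s*\]\]?\s*(#.*)?$")
KV_RE = re.compile(r"""^\s*([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')""")

# Constructed sample config.toml; the credential values are placeholders.
SAMPLE_CONFIG = '''\
[[runners]]
  name = "runner-a"
  [runners.cache]
    Type = "s3"
    [runners.cache.s3]
      AccessKey = "CONSTRUCTED-ACCESS-KEY"
      SecretKey = "constructed-secret-value"
      BucketName = "runner-cache"
[[runners]]
  name = "runner-b"
  [runners.cache.s3]
    AccessKey = ""
'''

def find_inline_s3_secrets(toml_text):
    """Return (runner_name, key, line_number) for each non-empty credential."""
    findings, table, runner = [], "", "<unnamed>"
    for lineno, line in enumerate(toml_text.splitlines(), start=1):
        header = TABLE_RE.match(line)
        if header:
            table = header.group(2)
            if header.group(1) == "[[" and table == "runners":
                runner = "<unnamed>"  # a new [[runners]] entry begins
            continue
        pair = KV_RE.match(line)
        if not pair:
            continue
        key, value = pair.group(1), pair.group(2) or pair.group(3) or ""
        if table == "runners" and key == "name":
            runner = value
        elif table == "runners.cache.s3" and key in SECRET_KEYS and value:
            findings.append((runner, key, lineno))
    return findings

if __name__ == "__main__":
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_CONFIG
    hits = find_inline_s3_secrets(text)
    for runner, key, lineno in hits:
        print(f"line {lineno}: runner {runner!r} has inline {key}")
    sys.exit(1 if hits else 0)
```

The script exits non-zero when it finds an inline credential, so it can gate a commit or a CI job on the repository that holds the runner configuration.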