Update secret resolver to return raw & masked variables (!3750) · Merge requests · GitLab.org / gitlab-runner

Arran Walker requested to merge ajwalker/dynamically-mask-resolved-vault-variables into main Nov 24, 2022

What does this MR do?

Updates the secret resolver to return raw and masked variables.

Why was this MR needed?

Previously non-masked variables were returned which meant that any secret echo'd out to the job log would not be masked.

In addition to not being masked, variables could also be expanded by default, leading to a secret containing $ to be mishandled.

What's the best way to test this MR?

We cannot easily add an integration test for this, and the change isn't dependant on necessarily just Vault, but any secret resolver. A test has been added ensuring that the secret resolver is setting up the variables in the correct way.

What are the relevant issue numbers?

Closes gitlab#255186 (closed)

Closes #27996 (closed)

Edited Dec 12, 2022 by Arran Walker

Update secret resolver to return raw & masked variables

What does this MR do?

Why was this MR needed?

What's the best way to test this MR?

What are the relevant issue numbers?

Merge request reports