WIP: Hide secret variables (!899) · Merge requests · GitLab.org / gitlab-runner

Joe Rocklin requested to merge siemens-plm-devops/gitlab-runner:hide_secrets into master May 11, 2018

What does this MR do?

This adds a new feature which hides any variable marked as not public from the traces sent back to the gitlab server. It is behind a configuration flag which defaults to false to preserve existing behavior.

Why was this MR needed?

We had numerous requests from teams inquiring about how to prevent the accidental leakage of AWS credentials and other secret variables from the logs.

Are there points in the code the reviewer needs to double check?

After trying to study the existing test code around this area of the code base, I'm unsure how best to add tests for this feature. It is only implemented for the mutli command, I'm not sure it's relevant for any other locations.

Does this MR meet the acceptance criteria?

Documentation created/updated
Tests
- Added for this feature/bug
- All builds are passing
Branch has no merge conflicts with master (if you do - rebase it please)

What are the relevant issue numbers?

https://gitlab.com/gitlab-org/gitlab-ce/issues/13784

Edited May 16, 2018 by Joe Rocklin

WIP: Hide secret variables

What does this MR do?

Why was this MR needed?

Are there points in the code the reviewer needs to double check?

Does this MR meet the acceptance criteria?

What are the relevant issue numbers?

Merge request reports