### Problem Currently, runner tokens must be hardcoded in config.toml: ```toml [[runners]] name = "runner-1" url = "https://gitlab.example.com" token = "glrt-xxxxxxxxxxxxxxxxxxxx" ``` This creates challenges for: - Kubernetes deployments: Tokens should come from Secrets, not ConfigMaps - Docker deployments: Tokens should be passed via environment variables - Security best practices: Secrets shouldn't be stored in version-controlled configuration files - Multi-runner setups: Each `[[runners]]` section needs its own token, but there's no way to inject them dynamically, applies to url as well, since we could (and currently do) have workers with differing URLs While the env:"CI_SERVER_TOKEN" struct tag exists, it only applies during gitlab-runner register (CLI argument parsing), not when loading config.toml at runtime. ### Proposal Support environment variable expansion in the token and url fields using standard shell syntax ($VAR or ${VAR}): ```toml [[runners]] name = "runner-1" url = "$GITLAB_URL" token = "${RUNNER_TOKEN_1}" [[runners]] name = "runner-2" url = "$GITLAB_URL" token = "${RUNNER_TOKEN_2}" ``` ### Related - https://gitlab.com/gitlab-org/gitlab-runner/-/work_items/38236