Role-specific variables
Description
Developers have security concerns about putting in secret variables needed for deployment, but then are accessible by any developer. If we let you restrict variables to roles, such as Master, then only users with that role would be able to make use of them in CI/CD. Thus some roles would be able to deploy, but others would not, even if they're otherwise able to trigger CI/CD pipelines.
Proposal
- In project variables view, add a column for restricting the variables with, for example, a dropdown of roles to pick the lowest level role to be allowed to see/use the variable.
- May be a single column for restrictions where you can specify roles and/or environments (gitlab-ce#20367).
Caveats
- I don't know how this would really work in practice. If you write your
.gitlab-ci.yml
to let people deploy, what would happen if the wrong level of person tries to deploy? Would the variable just be missing and thus the deploy would fail? Would we also need to have some kind ofonly
condition on jobs so we don't even try deploying if you're not amaster
on the project? Or should we protect these variables some other way, such as gitlab-ce#23859.
Links / references
- Environment-specific variables: gitlab-ce#20367
- Service-level variables: gitlab-ce#23859