Source-controlled Protected/Encrypted Variables
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Problem to solve
I would really like the ability to store protected variables inside of my project's .gitlab-ci.yml without exposing them as plain text. This is something that Travis does by utilizing asymmetric encryption to store the encrypted variables inside of the .travis.yml.
Further details
Travis does this by encrypting the protected/secret variables with a public key through the use of their command line utility. The name of the git repository is bundled inside of the encrypted variable, so that the encrypted variable can only be used in the Travis build of that git repository. The value of the encrypted variable is decrypted by the build using a private key known only to Travis, and is used in the build.
Proposal
It would be nice if there were a way in the project settings so that someone could put in a plain text secret and it would spit out an encrypted version that you could copy and paste in the project's .gitlab-ci.yml:
Since a command line utility for interacting with GitLab doesn't exist, being able to do this in the project settings seems like a reasonable way to go about this.
What does success look like, and how can we measure that?
Success: being able to put encrypted variables inside of source control without risking exposing it as plain text. By using asymmetric encryption and keying the variable by the git repo, I can put an encrypted password or other secret information inside of my repository without worrying that it will be stolen or used incorrectly.