Add configuration option for when a Vault (or other secrets manager) is enabled on a project, a user cannot add CI variables.
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Release notes
Organizations who use HashiCorp Vault for all CICD variables are interested in restricting their teammates use of GitLab CICD variables. This features allows you to hide CICD variables from users when a Vault is enabled on the project.
This feature could apply to any organization which has a secrets management provider/policy in place and would like to disable the use of CI variables.
Problem to solve
Users would like an option to force users to use Vault and not have an option to still use GitLab's CICD variables.
Intended users
User experience goal
As an admin user, I would like to select a Vault URL and turn off the CICD variables in GitLab
Proposal
TBD
Documentation
Yes, we will need to add documentation to secrets and cicd variables.
What is the type of buyer?
Is this a cross-stage feature?
sectionsec and ~"group::release management"