Evaluate exposing runner token when debugging
Problem to solve
Because the GitLab Runner authentication token is masked with [Filtered] in the logs, it is not possible to connect actions against the runners API endpoint with which runner is executing those actions. Some customers need to be able to log and monitor when a runner changes IP addresses.
Intended users
User experience goal
Adding a configuration item which allows the administrators the power to remove the masking feature for the token in calls to the runners API endpoint. When this configuration is set, the token itself would appear in the logs and could be referenced in log analysis.
Proposal
Adding a configuration item which allows the administrators the power to remove the masking feature for the token in calls to the runners API endpoint.
Further details
Permissions and Security
Removing this mask will reduce the confidentiality of GitLab Runner authentication tokens and copying the logs to another system can leak those tokens to unauthorized personnel. Some customers appear willing to accept this risk in order to meet other internal monitoring requirements.
Documentation
Availability & Testing
Available Tier
Free
What does success look like, and how can we measure that?
Creation of this configuration item and the ability for Self-Managed GitLab administrators to begin using the token in their logging.