Enable DataProtection API access on GitLab.com SaaS Windows runners

Summary

Currently, using the Windows DataProtection API on GitLab.com SaaS Windows runners results in a System.Security.Cryptography.CryptographicException: Access is denied error. This prevents applications from using standard Windows encryption/decryption functionality that relies on the DataProtection API.

Problem

When attempting to use the DataProtection API (such as ProtectedData.Protect() or ProtectedData.Unprotect()) on GitLab.com SaaS Windows runners, the following error occurs:

System.Security.Cryptography.CryptographicException : Access is denied

This limits the ability to:

  • Encrypt/decrypt sensitive data using Windows built-in mechanisms
  • Use applications that depend on DataProtection API functionality
  • Implement secure data handling patterns common in Windows environments

Proposal

Enable access to the Windows DataProtection API on GitLab.com SaaS Windows runners to allow standard Windows encryption/decryption operations.

Use Cases

  • Applications that need to securely store/retrieve sensitive configuration data
  • Testing encryption/decryption functionality that uses Windows DataProtection API
  • CI/CD pipelines that process encrypted data using standard Windows mechanisms
  • Applications migrating from on-premises Windows environments that rely on DataProtection API

Additional Information

This feature would improve compatibility with Windows-native applications and enable more comprehensive testing scenarios on GitLab.com SaaS infrastructure.

Edited by 🤖 GitLab Bot 🤖
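
A probe that can be run as a job step on a Windows runner to show which DPAPI scope raises the exception described above. It is an added example, not part of the original issue or GitLab's code; the helper name Test-DpapiScope and the sample plaintext are assumptions made for illustration.

```powershell
# Added diagnostic example; not code from the issue or from GitLab.
# Load ProtectedData: System.Security on Windows PowerShell 5.1,
# System.Security.Cryptography.ProtectedData on PowerShell 7+.
foreach ($asm in 'System.Security', 'System.Security.Cryptography.ProtectedData') {
    try { Add-Type -AssemblyName $asm -ErrorAction Stop } catch { }
}

function Test-DpapiScope {   # hypothetical helper name
    param([Parameter(Mandatory)][ValidateSet('CurrentUser', 'LocalMachine')][string]$ScopeName)

    # Constructed sample plaintext; never probe with a real secret.
    $plain  = [System.Text.Encoding]::UTF8.GetBytes('dpapi-probe-sample')
    $report = [ordered]@{ Scope = $ScopeName; Protect = 'not run'; Unprotect = 'not run'; Error = '' }
    try {
        $scope = [System.Security.Cryptography.DataProtectionScope]$ScopeName
        $blob  = [System.Security.Cryptography.ProtectedData]::Protect($plain, $null, $scope)
        $report.Protect = 'ok'
        $back  = [System.Security.Cryptography.ProtectedData]::Unprotect($blob, $null, $scope)
        $same  = [Convert]::ToBase64String($back) -eq [Convert]::ToBase64String($plain)
        $report.Unprotect = if ($same) { 'ok' } else { 'mismatch' }
    } catch {
        # PowerShell wraps .NET exceptions; unwrap to the underlying one.
        $inner = $_.Exception.GetBaseException()
        if ($report.Protect -eq 'ok') { $report.Unprotect = 'failed' } else { $report.Protect = 'failed' }
        $report.Error = '{0}: {1} (HRESULT 0x{2:X8})' -f $inner.GetType().FullName, $inner.Message, $inner.HResult
    }
    [pscustomobject]$report
}

# CurrentUser keys live in the account's profile, so print the job's identity for context.
'Identity   : ' + [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
'USERPROFILE: ' + $env:USERPROFILE

$results = 'CurrentUser', 'LocalMachine' | ForEach-Object { Test-DpapiScope -ScopeName $_ }
$results | Format-List

# Fail the step if either scope fails, so the condition is visible in the pipeline.
if ($results | Where-Object { $_.Protect -ne 'ok' -or $_.Unprotect -ne 'ok' }) { exit 1 }
```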