Protected cluster

Description

Today, we have a bit of a problem. We let you create (or add) a cluster and have it associated with the production environment which means we'll only pass those cluster credentials when deploying to production. But we don't actually protect the cluster creds from malicious intent. What if a developer adds or edits a .gitlab-ci.yml inside a topic branch and configures pushes to that topic branch to deploy to production? What if they specify the deploy script as env to just capture all the creds so they can maliciously use them later? Organizations need to be able to ensure production credentials are exposed with the principle of least permissions.

Proposal

• Add a checkbox to protect a cluster, which would then only pass the cluster creds when acting on a protected branch, which presumably has been locked down correctly.

Links / references

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.