
Default to file for CI ENV variable type

What does this MR do and why?

As described at #29407 (comment 1211032688), using the CI ENV variable type of variable instead of file can lead to variable content leaking into job logs, which can lead to severe security incidents, e.g.: https://gitlab.com/gitlab-sirt/incident_3555/-/issues/1#note_1368236995

This MR changes the default selection for CI ENV variable type to file, since it reduces the risk of unintentional selection of an insecure type and causing a security breach.

Screenshots or screen recordings

on master branch

Untitled

on feature branch

change_default

How to set up and validate locally

Visit http://gdk.test:3000/gitlab-org/gitlab-test/-/pipeline_schedules/new and check what the default type of env variable preselected in the dropdown is, as in the movies from the previous section.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Mikołaj Wawrzyniak
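
The difference between the two variable types, as an added illustration that is not part of the merge request or of GitLab's code: a shell simulation of one traced job step, where an env_var-type variable expands to the secret itself and a file-type variable expands to the path of a temporary file holding it. The `deploy` command, its flags, the name `DEPLOY_TOKEN` and the secret value are all hypothetical and constructed for the example.

```shell
#!/bin/sh
# Constructed sample value, not a real credential.
SAMPLE_SECRET='s3cr3t-constructed-value'

# Simulate one job step with shell tracing (set -x) enabled and print
# what would end up in the job log.
#   $1 = variable type: "env_var" or "file"
# Runs in a subshell so nothing leaks into the caller's environment.
run_job() (
  tmp=$(mktemp)
  if [ "$1" = file ]; then
    # file type: the value is written to a temp file and the variable
    # holds only the path to that file.
    printf '%s' "$SAMPLE_SECRET" > "$tmp"
    DEPLOY_TOKEN=$tmp
    flag=--token-file        # hypothetical flag
  else
    # env_var type: the variable holds the value itself.
    DEPLOY_TOKEN=$SAMPLE_SECRET
    flag=--token             # hypothetical flag
  fi
  # ":" is a no-op standing in for the hypothetical deploy command;
  # the trace line written to stderr is what the job log records.
  ( set -x; : deploy "$flag" "$DEPLOY_TOKEN" ) 2>&1
  rm -f "$tmp"
)

# Succeeds (exit 0) when the simulated job log contains the secret.
log_leaks_secret() {
  run_job "$1" | grep -qF "$SAMPLE_SECRET"
}

for type in env_var file; do
  if log_leaks_secret "$type"; then
    echo "$type: secret value appears in the job log"
  else
    echo "$type: job log shows only a file path"
  fi
done
```

The file type only changes what the variable expands to; a step that prints the file's contents would still put the value in the log.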
