Use create and update mutations for group secrets

Mireya Andresrequested to merge
group-secrets/create-update into master

What does this MR do and why?

This integrates the create and update mutations for group secrets. The secrets manager is currently available for project secrets (under the secrets_manager feature flag) but we would like to make this available on the group level as well (under the secrets_manager_group feature flag).

The UI and behavior between group and project secrets are the same, except that:

  • Group secrets have a checkbox for Protected Branches instead of a dropdown for selecting a branch.
  • Rotation field is hidden (since rotation is not yet implemented for group secrets)

Submit/validation behavior will be updated in a separate MR.

Because we are reusing the same Vue components, we have a context config (ee/app/assets/javascripts/ci/secrets/context_config.js) where we set the GraphQL mutations to be used depending on if the context is "group" or "project".

References

Implements Frontend: Create and update group secrets (#577464)

⚠️ Requires the following MRs to be merged first:

Screenshots or screen recordings

For the moment, we can only test the Create mutation on the UI, since updating a group secret requires being able to fetch a secret (which is a query that is not yet available).

Here are the differences in the UI:

Project Secret Form Group Secret Form
Screenshot_2026-02-05_at_13.08.00 Screenshot_2026-02-05_at_13.07.36

When a projects secret is created, the form should automatically redirect to the secret details page. This is outside the scope of the MR for group secrets, since the fetch query is not yet available. We can verify the request from the Network tab in the browser's Developer Tools.

Request Response
Screenshot_2026-02-03_at_18.40.52 Screenshot_2026-02-03_at_18.40.59

How to set up and validate locally

  1. Upload a Premium license (or above).
  2. Set up openbao and enable the secrets manager on your gdk.
  3. Enable the secrets_manager and secrets_manager_group feature flag.
  4. Go to your project/group settings (Settings > General) and expand Permissions and group features and enable the group secrets manager.
  5. Go to /path-to-group/-/secrets/new and create a secret

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Mireya Andres

Merge request reports