[Draft] Secure Files Feature Documentation
stage: Verify
group: Pipeline Authoring
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
type: reference
Secure Files (FREE)
Secure files are configuration files that are used in your CI pipelines. These files are stored securely outside of your project's repository, so it is safe to store sensitive information in them. Secure files support both plain text and binary file types.
Secure files are defined at the project level, and can be managed through the Secure Files API.
Secure files are loaded into CI pipelines with the load-secure-files tool. This tool can be loaded into a CI job by adding the following line to a script:
curl -s https://gitlab.com/gitlab-org/incubation-engineering/devops-for-mobile-apps/load-secure-files/-/raw/main/installer | bash
NOTE: This feature is in active development, so changes and more capabilities will be coming soon.
Add a secure file to a project
You can add a secure file to a project via the Secure Files API. To do this, start by sending a POST request to the secure files endpoint for your project:
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
"https://gitlab.example.com/api/v4/projects/1/secure_files" --form "name=myfile.jks" --form "file=@/path/to/file/myfile.jks"
This request will return all of the metadata about the file you just uploaded. For example:
{
  "id": 1,
  "name": "myfile.jks",
  "checksum": "16630b189ab34b2e3504f4758e1054d2e478deda510b2b08cc0ef38d12e80aac",
  "checksum_algorithm": "sha256",
  "permissions": "read_only",
  "created_at": "2022-02-22T22:22:22.222Z"
}
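The response includes a checksum, so an upload script can confirm that the stored file is the one it sent. The following is an added example, not part of the GitLab documentation or the load-secure-files tool; it assumes checksum is the hex SHA-256 of the uploaded file's contents, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: compare the checksum in a Secure Files API response with a
# locally computed digest of the file that was uploaded.
# Assumption: "checksum" is the hex SHA-256 of the file's contents.

# Extract a string field from a flat JSON object (avoids a jq dependency).
json_field() {
  # $1 = JSON text, $2 = field name
  printf '%s' "$1" | tr -d '\n' |
    sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p"
}

# Hex SHA-256 of a file, using whichever tool the image provides.
local_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Exit status: 0 = match, 1 = mismatch, 2 = unexpected algorithm,
# 3 = local file not readable.
verify_secure_file_upload() {
  # $1 = path of the uploaded file, $2 = JSON response body from the POST
  local file="$1" response="$2" algo remote local_sum
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 3; }
  algo=$(json_field "$response" checksum_algorithm)
  remote=$(json_field "$response" checksum)
  if [ "$algo" != "sha256" ]; then
    echo "unexpected checksum_algorithm: '$algo'" >&2
    return 2
  fi
  local_sum=$(local_sha256 "$file")
  if [ -z "$remote" ] || [ "$remote" != "$local_sum" ]; then
    echo "checksum mismatch: local=$local_sum remote=$remote" >&2
    return 1
  fi
  return 0
}

# Usage, with the upload command from this page (placeholders unchanged):
#   response=$(curl --silent --request POST ... --form "file=@myfile.jks")
#   verify_secure_file_upload myfile.jks "$response" || exit 1
```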
Using secure files in your CI jobs
A simple tool has been created to make it easy to load your secure files into your CI jobs. The tool is called load-secure-files.
test:
  script:
    - curl -s https://gitlab.com/gitlab-org/incubation-engineering/devops-for-mobile-apps/load-secure-files/-/raw/main/installer | bash
Video walkthrough
TODO