Frontend: GitLab Secrets Manager GA
All implementation-level discussions and MRs for the secrets management frontend will be housed here. The description for this epic will be a living document, updated regularly to reflect decisions made as the epic evolves.
Note that the backend work for this is in development and UX Research is ongoing. Many decisions are subject to change. We want to establish a starting point for frontend, while being flexible to accommodate changes from the backend architecture and design.
For now, we want to scaffold the pages needed for frontend with stubbed UI, using mock data when necessary. We'll integrate with backend once an API to use is available (See https://gitlab.com/groups/gitlab-org/-/epics/14243).
### 🔗 Quick Links:
**Main Epics:**
- :pushpin: https://gitlab.com/groups/gitlab-org/-/epics/14243+
- ~~https://gitlab.com/groups/gitlab-org/-/epics/10691+~~
- https://gitlab.com/groups/gitlab-org/-/epics/10723+
**UX and Design:**
- :pushpin: ~~[Figma (First Iteration)](https://www.figma.com/file/35js99Rv49gso5PiYnQygo/Pipeline-Security-Main-File?type=design&node-id=675-42289&mode=design&t=aH1Z0b44jV61vYce-0)~~ [Figma (MVC)](https://www.figma.com/design/pktcB91wtBIp9g3WYfkCVR/Secrets-Manager?node-id=1-114&t=ppTS39xfjaGvpfpH-0): This will be our SSOT for designs.
- ~~[Design MVC](https://gitlab.com/gitlab-org/gitlab/-/issues/419544)~~ [Completing Secrets Manager Design for Closed Experiment, Beta and MVC](https://gitlab.com/gitlab-org/gitlab/-/issues/470908)
- [Continuous Feedback Program](https://gitlab.com/gitlab-org/ux-research/-/issues/2470)
**Technical Discussions:**
- :pushpin: [Secrets MVC: Permissions discussion](https://gitlab.com/gitlab-org/gitlab/-/issues/419546/)
- [Architecture/Blueprint](https://docs.gitlab.com/ee/architecture/blueprints/secret_manager)
- [Secrets MVC: Technical discussion](https://gitlab.com/gitlab-org/gitlab/-/issues/419545)
- [Blueprint for Tanu-Key](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/128339)
## 🔑 Key Decisions
### Scope
We will be focusing on project secrets only for the MVC. Group secrets and secrets inheritance will be discussed for post-MVC.
See https://gitlab.com/gitlab-org/gitlab/-/issues/456419 and https://gitlab.com/gitlab-org/gitlab/-/issues/419546#note_1863841528.
### Feature Flag
The UI will be developed under the `ci_tanukey_ui` feature flag. With https://gitlab.com/gitlab-org/gitlab/-/merge_requests/150412, we will be switching from **group** actors to **project** actors for this feature flag.
<details><summary>Previous Feature Flag Implementation</summary>
Introduced in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/131224.
The feature flag uses group actors and should only be enabled on **the root ancestor group**. All subgroups and projects will inherit the feature flag value of their root ancestor group. Secrets Management will be available for groups and projects and will include secrets inheritance as a feature, so this will make it easier to develop, test, and manage feature rollout.
`Feature.enable(:ci_tanukey_ui, group_a)` would have this effect:
```mermaid
graph TD
A[Group A ✅]-->B[Group B ☑️]
A-->1[Project 1 ☑️]
B-->2[Project 2 ☑️]
B-->D[Group C ☑️]
D-->3[Project 3 ☑️]
```
✅: explicitly enabled, ☑️: enabled by inheritance
... while `Feature.enable(:ci_tanukey_ui, group_b)` would have no effect because Group B is not a root group. Because Group A's feature flag is enabled, Secrets Management will also be available for Groups B and C and Projects 1, 2, and 3.
See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/131224#note_1577911382 for the discussion.
</details>
## 👀 Pending Items
*These are dependent on other things, so we'll just keep an eye on them for now and pin them for later.*
*Topics:*
- [Frontend Encryption](https://gitlab.com/groups/gitlab-org/-/epics/11373#note_1538439911)
- [Permissions and Access Policies](https://gitlab.com/groups/gitlab-org/-/epics/11373#note_1538440155). See also [Secrets MVC: Permissions discussion](https://gitlab.com/gitlab-org/gitlab/-/issues/419546/)
- [Navigation](https://gitlab.com/groups/gitlab-org/-/epics/11373#note_1538440772): For now, we'll just develop the page under a feature flag. How the user can navigate to this page is still in [discussion](https://gitlab.com/gitlab-org/gitlab/-/issues/424812) (See also https://gitlab.com/gitlab-org/gitlab/-/issues/470372#note_1979747692).