Fetch & Configure Secrets with HashiCorp Vault
### Phase 2 - Fetch & Configure Secrets

* [ ] [GitLab reads Vault CI Variables](https://gitlab.com/gitlab-org/gitlab/-/issues/28321)
  * https://gitlab.com/gitlab-org/gitlab/-/merge_requests/31831 ~"workflow::In review" Define new CI syntax for `secrets`.
  * https://gitlab.com/gitlab-org/gitlab/-/merge_requests/32501 ~"workflow::In review" Expose configured secrets (if any) to the runners, apply license check. Currently behind feature flag, disabled by default.
  * TBC - add support for defaults in the CI syntax, as proposed here - https://gitlab.com/gitlab-org/gitlab/-/issues/28321#defaults
* [ ] [Fetch requested secrets from Vault and provide them to CI jobs](https://gitlab.com/gitlab-org/gitlab/-/issues/212252)
* [ ] [Explicit concept of secrets in GitLab CI](https://gitlab.com/gitlab-org/gitlab/-/issues/218746)
* [ ] Document Vault backend CI secrets (i.e. how to configure your Vault)
* [ ] Project level Vault Configuration
* [ ] Configure secrets as CI variables
* [ ] Add support for jobs to require secrets in CI syntax
* [ ] [Alternatively] Configure secrets in CI syntax
* [ ] Fetch requested secrets from Vault and provide them to CI jobs
* [ ] Limit communication with Vault (add timeout)
* [ ] Document Vault backed CI secrets (i.e. how to configure your Vault)