pipeline JWT token
Description
Currently, to authenticate to remote services, keys must be stored securely and must not be accidentally leaked. This also prevents MR build jobs from accessing the secret keys safely.
Proposal
Generate a JWT token that asserts:
{
  "pipeline": "https://gitlab.com/gitlab-org/gitlab-ce/pipelines/10485235",
  "job": "https://gitlab.com/gitlab-org/gitlab-ce/-/jobs/25026971",
  "started": "2017-08-02T10:54:30.391668"
}
Pipelines can then use this assertion to authenticate to services that support it. GitLab can provide the public JWT key somewhere like https://gitlab.com/.pipeline-jwt
Links / references
Documentation blurb
Overview
What is it? Why should someone use this feature?
Allow pipelines to authenticate to remote services.
What is the underlying (business) problem?
Currently, to authenticate to remote services, keys must be stored securely and must not be accidentally leaked.
How do you use this feature?
Grab an environment variable with GITLAB_PIPELINE_TOKEN.
Use cases
3rd parties such as Source Labs would need to add support.
Feature checklist
Make sure these are completed before closing the issue, with a link to the relevant commit.
- Feature assurance
- Documentation
- Added to features.yml
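What a remote service would have to check before trusting the assertion in the proposal, as an added example that is not part of the issue and is not GitLab code. Assumptions: the token is signed with RS256, the key is a constructed demo key built from two publicly known primes, `mint` and `verify` are hypothetical names, and `started` is a naive timestamp on the same clock as `now` with a one-hour maximum age.

```python
import base64, hashlib, json
from datetime import datetime, timedelta

P, Q, E = 2**255 - 19, 2**521 - 1, 65537  # constructed demo key, not GitLab's
N = P * Q
K = (N.bit_length() + 7) // 8             # modulus length in bytes
D = pow(E, -1, (P - 1) * (Q - 1))         # private exponent, used only by mint()
DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # SHA-256

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_em(message):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), K bytes long."""
    t = DIGESTINFO + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def mint(claims, alg="RS256"):  # stand-in for the CI server signing with the demo key
    head = b64u(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    signing_input = head + "." + b64u(json.dumps(claims).encode())
    sig = pow(int.from_bytes(encode_em(signing_input.encode()), "big"), D, N)
    return signing_input + "." + b64u(sig.to_bytes(K, "big"))

def verify(token, project_url, now, max_age=timedelta(hours=1)):
    """Relying-service check; returns the claims or raises ValueError."""
    try:
        head, body, sig = token.split(".")
        alg = json.loads(b64u_dec(head))["alg"]
        sig_int = int.from_bytes(b64u_dec(sig), "big")
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if alg != "RS256":          # pin the algorithm; never let the token choose
        raise ValueError("unexpected alg")
    # Rebuild the expected padded digest and compare it whole to s^e mod n.
    expected = int.from_bytes(encode_em(f"{head}.{body}".encode()), "big")
    if sig_int >= N or pow(sig_int, E, N) != expected:
        raise ValueError("bad signature")
    try:
        claims = json.loads(b64u_dec(body))
        age = now - datetime.fromisoformat(claims["started"])
    except (KeyError, TypeError, ValueError) as exc:
        raise ValueError("missing or invalid started") from exc
    prefix = project_url.rstrip("/") + "/"   # trailing slash stops look-alike paths
    if not all(str(claims.get(k, "")).startswith(prefix) for k in ("pipeline", "job")):
        raise ValueError("pipeline/job outside the allowed project")
    if not timedelta(0) <= age <= max_age:
        raise ValueError("token too old or from the future")
    return claims
```

The signature only proves who issued the token; the project-prefix and age checks are what keep a token minted for one project's job, or an old job, from being accepted by a service meant for another.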