Simple protection of CI secret variables
It would be cool to have a simple protection of secret variables (e.g. credentials like username, password) in the build log output.
Reference from Jenkins: https://wiki.jenkins-ci.org/display/JENKINS/Mask+Passwords+Plugin
Why?
- In case some software that is invoked in the build process shows the password (e.g. in a debug log or similar)
- Example: testing of Chef cookbooks, which access some password-protected sources to fetch the software that is invoked in the test procedure.
- It would be a very easy protection for most cases where some secret might get visible in the log
How?
- Simple string replacement on secret variable value in build log
- Additional checkbox in the GitLab UI (see screenshot below)
- GitLab CI runner gets information if protection is required and does the replacement in the build log
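A sketch of the runner-side replacement described in the list above, as an added example that is not GitLab's or the Jenkins plugin's code. It goes one step beyond plain string replacement by also catching a secret that is split across two log chunks; the names `Masker`, `NewMasker` and the `[MASKED]` placeholder are assumptions.

```go
package main
import (
	"fmt"
	"sort"
	"strings"
)

// Masker redacts secret values from a build log that arrives in chunks.
type Masker struct {
	secrets []string // non-empty values, longest first
	hold    int      // bytes held back per write: len(longest secret) - 1
	pending string   // tail not yet emitted; it may begin a secret
}
func NewMasker(values ...string) *Masker {
	m := &Masker{}
	for _, v := range values {
		if v != "" { // an empty value would match at every position
			m.secrets = append(m.secrets, v)
		}
	}
	sort.Slice(m.secrets, func(i, j int) bool { return len(m.secrets[i]) > len(m.secrets[j]) })
	if len(m.secrets) > 0 {
		m.hold = len(m.secrets[0]) - 1
	}
	return m
}
// Write returns the part of the log that is safe to display now.
func (m *Masker) Write(chunk string) string {
	raw, out, i := m.pending+chunk, &strings.Builder{}, 0
scan: // any secret that starts before len(raw)-hold lies completely inside raw
	for i < len(raw)-m.hold {
		for _, s := range m.secrets {
			if strings.HasPrefix(raw[i:], s) {
				out.WriteString("[MASKED]")
				i += len(s)
				continue scan
			}
		}
		out.WriteByte(raw[i])
		i++
	}
	m.pending = raw[i:]
	return out.String()
}
func (m *Masker) Flush() string { m.hold = 0; return m.Write("") } // end of build: emit the tail
func main() {
	m := NewMasker("s3cr3t-pw") // constructed sample value
	fmt.Print(m.Write("GET https://ci:s3c"), m.Write("r3t-pw@repo.example/pkg\n"), m.Flush())
}
```

Only the literal value is matched: a tool that prints the secret base64- or URL-encoded still leaks it, so each encoded form would have to be registered as an extra value.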