The documentation on protected variables is pretty obscure. When I make a variable as protected I have to idea how to access it. No matter what I do it is always empty. I have tried base64 encoding it and then base64 encoding it again in the pipeline so I can see what it is and I get an empty string: Cg==. Can someone please explain how to use protected variables?
Asked
Active
Viewed 8,914 times
7
Josh Woodcock
- 2,683
- 1
- 22
- 29
-
Are you trying this on a protected branch or tag in the CI environment? – secustor Sep 22 '19 at 08:27
-
No, on master branch which has been unprotected – Josh Woodcock Sep 22 '19 at 13:13
2 Answers
6
As @secustor wrote, it is not possible to access protected variables from a branch or tag that is not protected. The variable would be empty if accessed.
From here, two options:
Push to a protected branch or tag (set the branch/tag protected in Settings > Repository)
Mark the variable as not protected (in Settings > CI/CD, under "Variables")
Again, as mentioned by @secustor, there is a good reason behind this logic. You might not want all the developers in your team to be able to access these variables.
Piffre
- 596
- 6
- 9
4
Protected variables are only available if there is a job on a protected branch or tag.
The reasoning behind this is to allow setups which prevent right escalations. E.g. Credentials for the testing environment for Developers on all branches and deployable credentials only on master/release branches. To add code to the second you need Maintainer rights. In this example, without protected variables, anyone with Developer rights could print the deploy credentials in their branch.
secustor
- 3,001
- 2
- 14
- 20
-
1Thanks. Can you please add the steps with screen shots to create and use a protected variable and I will accept your answer. I think your explanation while it may be accurate still does not show _how_ to use protected variables – Josh Woodcock Sep 22 '19 at 13:43