3

I'm using GitLab CI/CD, and I store the secrets variables of the process in custom CI/CD variables, as documented here.

It started small, and with only a few variables, using the UI to define the variables is ok. But now, my project have gone bigger, and I end with dozens of variables, multiplied by a fair number of environments. At this point, it becomes tedious to manage them in the UI:

enter image description here ...and so on.

What I would like to do, which in my opinion is much more manageable, is to put all variables for an environement in a single file:

API_TOKEN_VALUE=xxxx
APP_EMAIL_SENDER=xxx
AWS_ACCESS_KEY_ID=xxx
AWS_ACCESS_KEY=xxx
...

And then store this single file as a unique CI/CD variable VAR_FILE, of type "File": enter image description here

My question is, if I do this, how can I access those variables in gitlab-ci.yml and make them available to the jobs?

scandel
  • 1,692
  • 3
  • 20
  • 39

1 Answers1

5

If you have xargs and cat available in your build image you could load them via

before_script:
    - export $(grep -v '^#' $VAR_FILE | xargs)

based on https://stackoverflow.com/a/20909045/3708208 (generally within this question you will find a lot of information).

Those will than be available by the name you defined in your CI Variables like API_TOKEN_VALUE or APP_EMAIL_SENDER

Simon Schrottner
  • 4,146
  • 1
  • 24
  • 36
  • 2
    Thank you so much, it works perfectly! Also tried `before_script: - set -o allexport; source $VAR_FILE; set +o allexport` from [this other answer to the same question](https://stackoverflow.com/a/30969768/2761700), works also. – scandel Feb 19 '21 at 15:19
  • unfortunately the variables in the format specified in the question can not be masked, which is a big vulnerabilty. https://gitlab.hmm.tools/help/ci/variables/README#mask-a-custom-variable – iliefa Mar 18 '22 at 07:29