Merge branch 'docs-ci-runner-masking-reveal' into 'master'

Add warning about Runner's potential masked variable reveal See merge request gitlab-org/gitlab!67829

Merge branch 'docs-ci-runner-masking-reveal' into 'master'
Add warning about Runner's potential masked variable reveal See merge request gitlab-org/gitlab!67829
069c8cfa · Suzanne Selhorn · b817784b · 9d8f2aee · 069c8cfa
Commit 069c8cfa authored Aug 10, 2021 by Suzanne Selhorn
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

doc/ci/variables/index.md doc/ci/variables/index.md +6 -0

No files found.
--- a/doc/ci/variables/index.md
+++ b/doc/ci/variables/index.md
@@ -311,6 +311,12 @@ NOTE:
 Masking a CI/CD variable is not a guaranteed way to prevent malicious users from accessing
 variable values. To make variables more secure, you can [use external secrets](../secrets/index.md).

+WARNING:
+Due to a technical limitation, masked variables that are more than 4 KiB in length are not recommended. Printing such
+a large value to the trace log has the potential to be [revealed](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28128).
+When using GitLab Runner 14.2, only the tail of the variable, characters beyond 4KiB in length, have the potential to
+be revealed.
+
 ### Protect a CI/CD variable

 You can protect a project, group or instance CI/CD variable so it is only passed