Skip to content

G
gitlab-ce
Commit 9d8f2aee authored by Arran Walker's avatar Arran Walker
Browse files
Options

Add warning about Runner's potential masked variable reveal

parent 0ef98c4a
Show whitespace changes
Inline Side-by-side
Showing with 6 additions and 0 deletions
doc/ci/variables/index.md
View file @ 9d8f2aee
...@@ -311,6 +311,12 @@ NOTE: ...@@ -311,6 +311,12 @@ NOTE:
Masking a CI/CD variable is not a guaranteed way to prevent malicious users from accessing Masking a CI/CD variable is not a guaranteed way to prevent malicious users from accessing
variable values. To make variables more secure, you can [use external secrets](../secrets/index.md). variable values. To make variables more secure, you can [use external secrets](../secrets/index.md).
WARNING:
Due to a technical limitation, masked variables that are more than 4 KiB in length are not recommended. Printing such
a large value to the trace log has the potential to be [revealed](https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28128).
When using GitLab Runner 14.2, only the tail of the variable, characters beyond 4KiB in length, have the potential to
be revealed.
### Protect a CI/CD variable ### Protect a CI/CD variable
You can protect a project, group or instance CI/CD variable so it is only passed You can protect a project, group or instance CI/CD variable so it is only passed
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7