Use when configuring GitLab CI/CD variables, managing secrets, or integrating with external secret providers. Covers secure credential handling.
name: gitlab-ci-variables-secrets
description: Use when configuring GitLab CI/CD variables, managing secrets, or integrating with external secret providers. Covers secure credential handling.
allowed-tools:
Configure CI/CD variables and manage secrets securely in GitLab pipelines.
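```yaml
build:
  script:
    # Each command is single-quoted: an unquoted ": " inside a script line
    # makes YAML parse the line as a mapping instead of a string.
    - 'echo "Branch: $CI_COMMIT_BRANCH"'
    - 'echo "Commit: $CI_COMMIT_SHA"'
    - 'echo "Pipeline: $CI_PIPELINE_ID"'
    - 'echo "Project: $CI_PROJECT_NAME"'
    - 'echo "Registry: $CI_REGISTRY_IMAGE"'
```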
```yaml
variables:
  NODE_ENV: production
  DATABASE_URL: "postgres://localhost/app"

build:
  variables:
    BUILD_TARGET: dist
  script:
    - npm run build --target=$BUILD_TARGET
```
```yaml
variables:
  GLOBAL_VAR: "available everywhere"

deploy:
  variables:
    DEPLOY_ENV: production
  script:
    - ./deploy.sh $DEPLOY_ENV
```
Configure in GitLab UI: Settings > CI/CD > Variables
```yaml
variables:
  PUBLIC_KEY:
    value: "pk_test_xxx"
    description: "Stripe public key"
```
Set variables with:
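```yaml
deploy:
  script:
    # KUBECONFIG is a File-type variable: it expands to the path of a
    # temporary file, so cat writes the file's contents to the job log.
    - cat "$KUBECONFIG"
    - kubectl apply -f deployment.yaml
```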
```yaml
job:
  secrets:
    DATABASE_PASSWORD:
      vault:
        engine:
          name: kv-v2
          path: secret
        field: password
        path: production/db
```
```yaml
job:
  secrets:
    API_KEY:
      azure_key_vault:
        name: my-api-key
        version: latest
```
```yaml
job:
  secrets:
    AWS_SECRET:
      aws_secrets_manager:
        name: prod/api-key
        version_id: latest
```
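```yaml
deploy:aws:
  id_tokens:
    AWS_TOKEN:
      aud: https://gitlab.com
  # --role-session-name is required by assume-role-with-web-identity;
  # the session name used here is an illustrative choice.
  script:
    - >
      aws sts assume-role-with-web-identity
      --role-arn "$AWS_ROLE_ARN"
      --role-session-name "gitlab-$CI_PIPELINE_ID"
      --web-identity-token "$AWS_TOKEN"
```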
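The role that the `deploy:aws` job assumes is only as tight as the claim conditions the cloud side places on the ID token. As an added example (not from the original page or from GitLab), this Python model of those conditions compares a wildcard `sub` match with an exact one; the `acme/webapp` project path and the claim sets are constructed, and signature, issuer and expiry checks are assumed to have happened already.

```python
from fnmatch import fnmatchcase

EXPECTED_AUD = "https://gitlab.com"  # same value as `aud` in the job's id_tokens block

# Hypothetical project paths, constructed for this example.
WEAK_SUB = "project_path:acme/*"  # any project and any ref in the group
STRICT_SUB = "project_path:acme/webapp:ref_type:branch:ref:main"


def allow(claims, sub_pattern, require_protected=True):
    """Decide whether verified ID-token claims may assume the deploy role.

    Assumes signature, `iss` and `exp` were already validated against the
    GitLab instance's JWKS; this only models the claim conditions.
    """
    aud = claims.get("aud")
    if EXPECTED_AUD not in (aud if isinstance(aud, list) else [aud]):
        return False, "aud mismatch"
    # Glob match, comparable to a wildcard condition on `sub`.
    if not fnmatchcase(claims.get("sub", ""), sub_pattern):
        return False, "sub not allowed"
    # GitLab sends ref_protected as the string "true" or "false".
    if require_protected and claims.get("ref_protected") != "true":
        return False, "ref not protected"
    return True, "ok"


# Constructed claim sets shaped like GitLab ID tokens.
MAIN = {"aud": "https://gitlab.com", "ref_protected": "true",
        "sub": "project_path:acme/webapp:ref_type:branch:ref:main"}
FEATURE = {"aud": "https://gitlab.com", "ref_protected": "false",
           "sub": "project_path:acme/webapp:ref_type:branch:ref:feature-x"}
OTHER_AUD = dict(MAIN, aud="https://vault.example.com")

if __name__ == "__main__":
    for name, c in [("main", MAIN), ("feature", FEATURE), ("other-aud", OTHER_AUD)]:
        print(name, "weak:", allow(c, WEAK_SUB, require_protected=False),
              "strict:", allow(c, STRICT_SUB))
```

With the wildcard pattern, a pipeline on an unprotected feature branch gets the same role as `main`; the exact `sub` plus the `ref_protected` check limits it to the protected default branch.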
.gitlab-ci.yml