Environment variable AWS_SECRET_ACCESS_KEY doesn't match expected pattern

I’m trying to add environment variable AWS_SECRET_ACCESS_KEY to my CI/CD and form in “Settings” / “CI/CD” throws an error “This variable does not match the expected pattern.”

For example, it doesn’t support this type of value JyTRFdqw8t1kh2-OJNz4JX5ZTz9Dj1rI9hxtzMP1
However, it was generated by Yandex.Cloud as an S3 Storage Key.

Same problem

Seems like it doesn’t like the dashes in that key. This might be originating from the variable validation added for AWS access keys in v12.10.

Just ran into this, but when trying to inject credentials for the DigitalOcean Spaces service, which appears to consistently produce keys of 43 characters long rather than the 40 that GitLab expects.

Digging through the AWS API docs, while there are restrictions on length and content of the AccessKeyID there doesn’t seem to be any for the SecretAccessKey, it’s just an opaque string:

https://docs.aws.amazon.com/IAM/latest/APIReference/API_AccessKey.html

This is a potential problem for anyone trying to use a custom S3 provider, of which there are many. This feature should flag values that don’t match what GitLab expects, but not block adding the variable entirely, as it does now.

1 Like