Seems like it doesn’t like the dashes in that key. This might be originating from the variable validation added for AWS access keys in v12.10.
Just ran into this, but when trying to inject credentials for the DigitalOcean Spaces service, which appears to consistently produce keys of 43 characters long rather than the 40 that GitLab expects.
Digging through the AWS API docs, while there are restrictions on length and content of the AccessKeyID there doesn’t seem to be any for the SecretAccessKey, it’s just an opaque string:
This is a potential problem for anyone trying to use a custom S3 provider, of which there are many. This feature should flag values that don’t match what GitLab expects, but not block adding the variable entirely, as it does now.