How to protect CI secrets for an open-source project?

Hi,

I have a project with CI/CD and CI/CD secrets (for connecting to GCP to pull/push Docker images and to deploy to a Kubernetes cluster in GCP). I’d like to open-source my project while also making sure that these secrets can’t be seen by people who I haven’t explicitly approved. Is this possible?

What I’m most worried about is someone doing something like the following:

  • edit the .gitlab-ci.yaml file with a line like echo $GCP_REGISTRY_TOKEN
  • push this branch
  • look at the log output of the CI job with that edit
  • have access to my GCP Docker image registry

Does GitLab make it possible to hide these sorts of things from non-approved contributors?