How to unmask CI_JOB_JWT?

masber · October 21, 2021, 10:50am

Dear Gitlab community,

I have a local free community gitlab instance and I am trying to integrate it with my vault server to read secrets. I use jwt authentication method for this and I am getting a permission denied when trying to authenticate.

vault write -field=token auth/jwt/login role=my-role jwt=$CI_JOB_JWT

I would like to troubleshoot this but for this I need to be able to read the masked value of CI_JOB_JWT

How can I show masked values in the jobs logs web interface?

thank you

maciekleks · November 17, 2021, 7:19am

script:
    - JQ=./jq #the latest not the official (1.5 does not support @base64d)
    - curl -sLo jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 > $JQ && chmod +x $JQ
    - ./jq -R 'split(".") | .[0],.[1] | @base64d | fromjson' <<< "$CI_JOB_JWT"