Multi-project pipelines variable hierarchy

I am attempting to use multi-project pipelines for security scans. I would like to store secure keys in the downstream project. Currently I can only store the variables in the upstream project.

I have tried adding the variable in both projects upstream and downstream but it only works in the upstream project. I would think that the variable hierarchy would look in the downstream project first. Any suggestions would be appreciated. Thanks.

I am not 100% sure if I understand, but you can set your keys as variable in downstream project in .gitlab-ci.yml file.

If your issue is that your variable has the same name in both projects you can disable variable inheritance from upstream pipeline:

trigger-job:
  inherit:
    variables: false
  trigger:
  ....

I tried using inherit: variables: false no luck. The issue is I need to have the variable in the group level variables in order for the variable to be used. I would like it to live in the subgroup of the downstream project. I have tried it in a few locations but the downstream pipeline does not seem to recognize it unless it is in the Main Group. I might add that the Project B is only a collection of jobs triggered from the upstream pipeline in Project A. There is no gitlab-ci.yml in Project B

I am kinda lost here, how do you trigger the downstream pipeline if there is no .gitlab-ci.yml in Project B? There must be one, otherwise multi-project pipelines won’t work.

Back to the variable issues.
Let’s say you define a CI/CD variable on Subgroup B called TEST_VAR with some value.
If you use multi-project pipelines to trigger a Project B pipeline from Project A pipeline the variable TEST_VAR is accessible in all jobs in Project B pipelines.

I cannot reproduce the issue you are seeing.