I have created a pipeline that includes deploying a Review App if `$CI_MERGE_REQUEST_ID` is present.
Those jobs do two things:
- Build and upload a Docker image to a Docker registry (ECR); for this it relies on CI/CD environment variables with the credentials to the Docker registry (`AWS_ACCESS_KEY_ID`, etc.).
- `helm upgrade --install --wait` to deploy the review app to Kubernetes, customizing the ingress address.
My problem is that for this to work I need to "un-protect" the CI/CD variables so that they are available in the merge request branch, but that allows anybody who can create an MR to modify the .gitlab-ci.yml and leak the contents of the variables.
Is there any best practice on how to avoid this?
From what I see in the documentation on a first cursory search, it seems that there are two alternatives:
- File locking
- External .gitlab-ci.yml, putting the .gitlab-ci.yml in another repo so that the developers can't modify it.
Again, my concern is that I need to use secrets/credentials in the CI/CD environment variables and I fear that those can leak if the developers make changes to the .gitlab-ci.yml. So how do people usually go about this?
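A small audit script for the exposure described in the question, added here as an example and not part of the original post: given the project's CI/CD variables in the shape the GitLab project-level variables API returns them (`key`, `protected`, `masked`, `environment_scope`), it lists credential-like variables that a merge request pipeline could reach. The sample variables, the key-name heuristic and the reason texts are constructed for this example.

```python
import re

# Heuristic for variable names that usually hold credentials (constructed list).
CREDENTIAL_KEY_PATTERN = re.compile(
    r"ACCESS_KEY|SECRET|PASSWORD|PASSWD|TOKEN|PRIVATE_KEY|KUBECONFIG", re.IGNORECASE
)

# Constructed sample, one entry per variable, shaped like the GitLab
# project-level CI/CD variables API response (GET /projects/:id/variables).
SAMPLE_VARIABLES = [
    {"key": "AWS_ACCESS_KEY_ID", "protected": False, "masked": True, "environment_scope": "*"},
    {"key": "AWS_SECRET_ACCESS_KEY", "protected": False, "masked": False, "environment_scope": "*"},
    {"key": "KUBECONFIG_B64", "protected": True, "masked": True, "environment_scope": "review/*"},
    {"key": "HELM_CHART_VERSION", "protected": False, "masked": False, "environment_scope": "*"},
]

REASONS = {
    "unprotected": "available to pipelines on unprotected branches, i.e. to any MR that edits .gitlab-ci.yml",
    "unmasked": "value is not masked in job logs",
}


def audit_variables(variables):
    """Return [(key, [reason, ...])] for credential-like variables that are
    reachable from untrusted pipelines.

    environment_scope is deliberately not treated as a control: the job's
    `environment:` name is set in .gitlab-ci.yml, which the MR author controls,
    so scoping alone does not keep a value away from an MR pipeline.
    """
    findings = []
    for var in variables:
        if not CREDENTIAL_KEY_PATTERN.search(var["key"]):
            continue
        reasons = []
        if not var.get("protected", False):
            reasons.append("unprotected")
        if not var.get("masked", False):
            reasons.append("unmasked")
        if reasons:
            findings.append((var["key"], reasons))
    return findings


def format_report(findings):
    """One human-readable line per (variable, reason) pair."""
    lines = []
    for key, reasons in findings:
        for reason in reasons:
            lines.append(f"{key}: {reason} - {REASONS[reason]}")
    return lines


if __name__ == "__main__":
    for line in format_report(audit_variables(SAMPLE_VARIABLES)):
        print(line)
```

To run it against a real project, replace `SAMPLE_VARIABLES` with the API response. A credential that shows up as unprotected is exactly the exposure the question describes: every MR pipeline receives it, with whatever .gitlab-ci.yml the MR carries. Masking only changes what the job log displays and is not a substitute for the protected flag.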