Security on pipelines in GitLab

Hi Forum,

I’m a bit gobsmacked. GitLab seems to have absolutely everything I need and it’s private.

I ran a Terraform pipeline on my cloud the other day on GitLab using my custom containers and almost fell off my chair when it worked. I ran this through the GitLab website so I don’t have my own runners. So I am running infrastructure pipelines with no infrastructure. No Jenkins and no Groovy - yay!! :smile:

I produce build artifacts that I pass between stages (namely a plan file on to an apply stage) and I was wondering about the security and whether I should be concerned. I use protected environment variables in the pipeline for app-Id and secrets but was a bit worried about these runners I know nothing about, so I have been rotating my keys.

This is such an amazing way of managing cloud infrastructure. I was wondering if anyone was aware of any drawbacks (such as AUP violation or security)?

Thanks nik.