Using Rails Credentials within Gitlab-CI



I have certain environment variables I need to utilize within Gitlab CI. I need these variables to be within Rails credentials, not stored on the Gitlab runners via settings.

I have been working on this for about a week now and am struggling to find a working solution. The ideal format would be able to use ERB-style markdown (i.e. - <%= Rails.application.credentials[:my_credential] %>) but of course I’m not able to preprocess the ERB and have Gitlab CI still function.

What is your preferred method of utilizing ENV vars on Gitlab CI without manually storing them in the runner?


I don’t know what exactly you mean by “not stored in the runner”.

You can write a script which will export those variables from ruby to GitLab Runner during runtime. I did something similar in PHP. See example Skipping cache archiving due to empty cache key

Hope this helps.


Thank you @dompie I have updated my question to be a bit clearer on that.

That seems like quite a handy format to pull variables out from Ruby in real time while keeping them secure. Thanks!

In this case I’m looking at upwards of 18-20 environment variables so I’m unsure if I should do separate scripts for each variable?

I sure wish there were a straightforward way to access Rails.application.credentials in my .gitlab-ci.yml