Where should I keep my secrets? I am using gitlab-runner shell executor


I am using Gitlab CI, and Gitlab runner. Gitlab runner installed on my server which uses a shell executor.
I need to connect to our internal artifactory via API Key. What is the best practice in terms of keeping secrets?

Thanks in advance!

Selin Gungor

Hi @selingungor

For security reasons I will always suggest to use docker executor of gitlab runner and keep your secret in docker image.

As a now currently you are using shell executor then you should keep a secret at gitlab runner host in /tmp file.
Because it’s your machine then you Only user to use this machine.


Hi Kiran, thanks for your answer. But in our system I am not allowed to user docker. So, I need to keep my secret somewhere in the platform probably.