gitlab-ci

Gitlab masking variables


I can't seem to mask a variable on Gitlab CI -

I'm trying to upload a ssh private key and no matter what I do it refuses to mask it.

That is I'm trying to store a private key on Gitlab for use by the Gitlab runner that my production servers have public keys for. I'm not asking about how to introduce it to the runner during the build as described in the answer to this question

I'm using a ed25519 key so the characters aren't all base 64 to start with.

So after generating the key

$ cat gitlab
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmU....etc etc
-----END OPENSSH PRIVATE KEY-----

I piped it to base64

$ cat gitlab|base64

No joy.

Gitlab also seemed to be introducing newlines into the pasted text/variable field

So I did

$ cat gitlab|base64|tr -d '\r'

and even

$ cat gitlab|base64|tr -d '\r'|xclip

I found this guy so what the hell

$ cat gitlab|base64|base32|tr -d '\r'|xclip

all with no joy.

Anyone got this working?


Solution

  • For me cat gitlab | base64 -w0 works.

    In you absolutely want to use tr, you'd use tr -d '\n' instead.

    EDIT: of course you also need to unbase64 it when using it.

    Here's an example which should clear the confusion:

    $ echo secret > gitlab
    $ MY_SECRET_ENCODED="$(cat gitlab | base64 -w0)"
    
    $ echo $MY_SECRET_ENCODED
    c2VjcmV0Cg==
    
    $ MY_SECRET_DECODED = "$(echo MY_SECRET_ENCODED | base64 -d)"
    $ echo $MY_SECRET_DECODED
    secret
    

    Here MY_SECRET_ENCODED is your variable in the interface, MY_SECRET_DECODED is what you use in your script.