问题
I don't wan't to put sensitive Credentials (Like API-Keys, passwords...) into my branch. For this, GitLab (and other CI/CD-Services) are able to set Enviroment-Variables. They will be injected on deployment-process into the Script.
I know about two ways for GitLab to set them:
- Via UI (Project ⇒ Settings ⇒ CI/CD ⇒ Variables)
- Via .gitlab-ci.yml
As in my opinion the first way is the secure one, because none files with credentials are saved in the git-repo, it's also the more complecated way... because I have to set each single variable by hand via GitLab-GUI
With the second way I see the issue, that .gitlab-ci.yml is saved into the gitlab-repo, so the credentials are not secure.
Question: Is there a way to define the ENV-Vars in a File and provide it to GitLab, without to put them into the branch? Or is there another way to create those ENV-Vars easy and secure in GitLab?
回答1:
Is there a way to define the ENV-Vars in a File?
Yes, in UI settings you mentioned you can specify variables type to be variable (key:value) or file (in Key will be passed path to secret file with content from value input).
So file variable seems like what you are looking for.
Readme and docs provide good description for variables. Personally I find very useful other options: variable masking and protected state.
回答2:
Thanks makozaki, that was a good hint, but there are some special requirements:
First go to your Project ⇒ Settings ⇒ CI/CD ⇒ Variables and add them like this:
The Key will be turned in a File-Name and the values you entered will be as Data inside this File.
In the Job-Logs of the CI-Process it provides the full Path to your new generated File... it looks like this:
ENV_PRODUCTION: '/builds/yourProjectGroup/gatsby_netlifycms_starter.tmp/ENV_PRODUCTION',
Notice
you can't choose the easy way and name it
.env.productionto use it withdotenvBecause the Key-Field don't allow special-characters like.,
Now as you got the File with all your config-values, you can easily implement it in your Application (e.g. with dotenv).
For my Gatsby implementation it looks like this.
require("dotenv").config({
path: process.env.ENV_PRODUCTION ? process.env.ENV_PRODUCTION : `.env.${process.env.NODE_ENV}`,
})
const config = require('gatsby-plugin-config').default;
What's happening here? The dotenv.config() is checking, if your self-created ENV_PRODUCTION exists... if yes, it will be used. Else it will use the general .env.<yourNodeEnviroment> one.
So with the above given Values in ENV_PRODUCTION, you are able to access FIRST_VALUE within your Application.
This way it's easy to have an .env.development for running your application ot local machine, and using ENV_PRODUCTION env from Gitlab on production.
来源:https://stackoverflow.com/questions/60741175/how-to-setup-gitlab-enviroment-variable-in-save-way