version-control - 在 GitLab 中安全地存储 secret 和凭据

Question

我想知道是否可以在我的 GitLab 项目中安全地存储密码、 token 和 key 等凭据。

目前有一堆 Java 文件，其中存储了一些密码用于测试目的。但是，出于安全原因，我不想将此信息推送到我的存储库中。我尝试在项目中使用环境变量，但它们似乎只适用于 .gitlab-ci.yml 文件。

我的问题是有人使用像 Hashicorps 或 Blackbox 这样的保险库来加密敏感信息吗？

谢谢

Answer 1

您可以查看附带的 GitLab 12.9(2020 年 3 月):

HashiCorp Vault GitLab CI/CD Managed Application

GitLab wants to make it easy for users to have modern secrets management. We are now offering users the ability to install Vault within a Kubernetes cluster as part of the GitLab CI managed application process.

This will support the secure management of keys, tokens, and other secrets at the project level in a Helm chart installation.

见 documentation和 issue .

另见 GitLab 13.4 (2020 年 9 月)
仅限高级/白银:

Use HashiCorp Vault secrets in CI jobs

In GitLab 12.10, GitLab introduced functionality for GitLab Runner to fetch and inject secrets into CI jobs. GitLab is now expanding the JWT Vault Authentication method by building a new secrets syntax in the .gitlab-ci.yml file. This makes it easier for you to configure and use HashiCorp Vault with GitLab.

https://about.gitlab.com/images/13_4/vault_ci.png -- Use HashiCorp Vault secrets in CI jobs

See Documentation and Issue.