Day 83 – GitLab Variables & Secret

In CI/CD pipelines, variables are essential for passing dynamic values like environment names, credentials, and configurations. GitLab provides both regular variables and secret (protected/masked) variables to handle sensitive data securely. Today, I explored how GitLab manages variables and how to set secret variables for projects and groups.


๐ŸŒ Types of GitLab Variables

  1. Project Variables โ€“ specific to a single project.

  2. Group Variables โ€“ inherited by all projects under a group.

  3. Pipeline/Job Variables โ€“ defined directly inside the .gitlab-ci.yml file.

  4. Secret Variables โ€“ masked/protected variables (like API keys, passwords).


โš™๏ธ Setting Variables in GitLab

  1. Navigate to your project โ†’ Settings โ†’ CI/CD โ†’ Variables.

  2. Click Add Variable.

  3. Define:

    • Key (e.g., DB_USER)

    • Value (e.g., admin)

    • Scope (environment-specific if needed)


🔒 Secret Variables

  • GitLab allows you to mask and protect variables. Masking hides the variable's value in job logs; protecting makes the variable available only to pipelines that run on protected branches or tags.

  • Examples:

    • AWS Keys

    • Database Passwords

    • Docker Registry Tokens

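🔑 Example: Storing a database password

variables:
  DB_HOST: "db.prod.internal"
  DB_USER: "admin"
  # The password itself is not in this file; the value comes from the
  # masked DB_PASS variable defined in the project's CI/CD settings.
  DB_PASS: "${DB_PASS}"

Here, DB_PASS is stored as a masked secret variable in GitLab → Settings → CI/CD.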


✅ Best Practices

  • Never hardcode secrets in .gitlab-ci.yml.

  • Use protected variables for production-only pipelines.

  • Limit variable scopes to environments (e.g., staging, prod).

  • Rotate secrets regularly.
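
The first practice above can be checked automatically before a pipeline file is merged. The following is an added example, not code from the original post: a small Python check that walks the `variables:` blocks of a .gitlab-ci.yml and reports secret-named keys whose value is a literal rather than a `$VAR` reference. The function name, the list of secret-looking name fragments, and the sample file are assumptions made for illustration.

```python
import re

# Constructed sample pipeline file: DB_PASS and API_TOKEN are hardcoded (bad),
# REGISTRY_TOKEN only references a variable defined in Settings -> CI/CD (fine).
SAMPLE_CI = '''\
variables:
  DB_HOST: "db.prod.internal"
  DB_USER: "admin"
  DB_PASS: "constructed-example-password"
  REGISTRY_TOKEN: "${REGISTRY_TOKEN}"

deploy:
  variables:
    API_TOKEN: constructed-example-token
    EMPTY_KEY: ""
  script:
    - ./deploy.sh
'''

# Assumed heuristic: name fragments that usually indicate a secret.
SECRET_NAME = re.compile(r"(PASS|PASSWORD|SECRET|TOKEN|KEY|CREDENTIAL)", re.I)
# A value made only of $VAR / ${VAR} references carries no secret itself.
ONLY_REFERENCES = re.compile(r"^(\$\{?\w+\}?)+$")
KEY_VALUE = re.compile(r"^(\s*)([A-Za-z_]\w*):\s*(.*?)\s*$")

def find_hardcoded_secrets(ci_text):
    """Return (line_no, name) for secret-named variables with literal values."""
    findings = []
    block_indent = None  # indent of the enclosing `variables:` key, if any
    for line_no, line in enumerate(ci_text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = KEY_VALUE.match(line)
        indent = len(line) - len(line.lstrip())
        if block_indent is not None and indent <= block_indent:
            block_indent = None  # dedent: we left the variables block
        if m and m.group(2) == "variables" and m.group(3) == "":
            block_indent = indent
            continue
        if block_indent is None or not m:
            continue
        name, value = m.group(2), m.group(3).strip("\"'")
        if SECRET_NAME.search(name) and value and not ONLY_REFERENCES.match(value):
            findings.append((line_no, name))
    return findings

if __name__ == "__main__":
    for line_no, name in find_hardcoded_secrets(SAMPLE_CI):
        print(f"line {line_no}: {name} is a literal; move it to CI/CD settings")
```

The parser is line-based and only understands simple `KEY: value` entries, so it is a pre-merge sanity check rather than a replacement for a full secret scanner.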


Conclusion:
Managing variables properly in GitLab CI/CD keeps your pipelines flexible while ensuring security. Tomorrow, I’ll dive into GitLab CI/CD environments & deployments 🚀.

Written by

Shaharyar Shakir