Storing secrets and credentials securely in GitLab
Question
I am wondering if it's possible to store credentials like passwords, tokens and keys safely in my GitLab project.
Currently there are a bunch of Java files with some passwords stored in them for testing purposes. However, I don't want to push this information to my repo due to security reasons. I tried using environment variables in the project, but they only seem to work for the .gitlab-ci.yml file.
My question is: does anyone use a vault like HashiCorp's or Blackbox to encrypt sensitive information?
Thanks
Recommended answer
You can check out GitLab 12.9 (March 2020) which comes with:
HashiCorp Vault GitLab CI/CD Managed Application
GitLab wants to make it easy for users to have modern secrets management. We are now offering users the ability to install Vault within a Kubernetes cluster as part of the GitLab CI managed application process.
This will support the secure management of keys, tokens, and other secrets at the project level in a Helm chart installation.
See also GitLab 13.4 (September 2020)
Premium/Silver only:
Use HashiCorp Vault secrets in CI jobs
In GitLab 12.10, GitLab introduced functionality for GitLab Runner to fetch and inject secrets into CI jobs. GitLab is now expanding the JWT Vault Authentication method by building a new secrets syntax in the .gitlab-ci.yml file. This makes it easier for you to configure and use HashiCorp Vault with GitLab.
https://about.gitlab.com/images/13_4/vault_ci.png -- Use HashiCorp Vault secrets in CI jobs
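A sketch of how the secrets syntax described above can feed a test password to Java tests instead of hardcoding it, added here as an example and not taken from the original answer or from GitLab's release notes. The Vault address, role, mount name, secret path, job name and image tag are placeholders, and the id_tokens/token/file keys assume a GitLab release that supports them.

```yaml
# Added example (constructed). Replace every placeholder with your own values.
integration-tests:
  image: maven:3                      # placeholder build image
  variables:
    # Where the runner finds Vault and which JWT role it logs in with.
    VAULT_SERVER_URL: https://vault.example.com   # placeholder address
    VAULT_AUTH_ROLE: my-project-tests             # placeholder role; bind it to this project in Vault
    VAULT_AUTH_PATH: jwt                          # mount path of Vault's JWT auth method
  id_tokens:
    # Short-lived, job-scoped token that the runner presents to Vault.
    VAULT_ID_TOKEN:
      aud: https://vault.example.com              # must match the audience Vault expects
  secrets:
    TEST_DB_PASSWORD:
      # Field "password" of secret "ci/test-db" in the KV engine mounted at "kv".
      vault: ci/test-db/password@kv
      token: $VAULT_ID_TOKEN
      # Without "file: false" the variable holds the path of a temp file
      # containing the secret, not the secret itself.
      file: false
  script:
    # The tests read the value with System.getenv("TEST_DB_PASSWORD"),
    # so no password literal remains in the Java sources or in this file.
    - mvn -B verify
```

For local runs, export TEST_DB_PASSWORD in the developer's shell so the same System.getenv call works outside CI.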