gitlab-secrets-manager
v0.1.5
Local secrets manager using GitLab CI/CD variables
🔒 GitLab Secrets Manager
❗❗ This project is untested and not ready for production – use at your own risk ❗❗
Before you start
GitLab offers different environment scopes for CI/CD variables. Make sure to use different secrets for production and local development!
This CLI is meant to simplify synchronizing secrets between multiple machines/collaborators for development. For production, reference the CI/CD variables inside your .gitlab-ci.yml as intended.
Usage
Basic Configuration
Before the CLI can be used, a personal GitLab access token with the read_api scope must be created and placed in a secrets.token file:
echo "<access-token>" > secrets.token
echo "secrets.token" >> .gitignore
Make sure to add secrets.token to your .gitignore!
Specify the public information needed to access the GitLab project in the secrets.json file:
{
"projectId": 12345678,
"gitLabHost": "https://gitlab.somehost.com", // (default is 'https://gitlab.com')
"environment": "dev" // (default is '*')
}
All file options can be replaced or overridden with their respective flags.
Default Behavior
To write all your project's GitLab CI/CD variables for the specified environment into a .env file in your working directory, run:
npx gitlab-secrets-manager
Multiple .env files
If you need to place different secrets in .env files in different sub-directories, you can configure per-directory secrets in the secrets.json file:
{
"directories": {
"./frontend": "MY_FRONTEND_VAR",
"./backend": ["MY_API_VAR", "MY_DB_VAR", ...],
...
}
}
You can also use the '*' character to define shared variables to be inserted into all listed directories:
{
"directories": {
"*": ["MY_SHARED_VAR", ...],
"./frontend": "MY_FRONTEND_VAR",
...
}
}
Or to insert all CI/CD variables into a specified directory:
{
"directories": {
"./all": "*",
"./frontend": "MY_FRONTEND_VAR",
...
}
}
Options Reference
For a list of all available secrets.json options/CLI flags and their default values, run:
npx gitlab-secrets-manager help
Additionally, secrets.json allows setting the directories option for per-directory secrets.
{
...,
"directories": {
"./frontend": "MY_FRONTEND_VAR",
"./backend": ["MY_API_VAR", "MY_DB_VAR", ...],
...
},
...
}
secrets.json is meant for public options only! Use secrets.token for setting the private GitLab access token and include it in your .gitignore.
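A pre-commit style check for the rules above, as an added example that is not part of gitlab-secrets-manager: it reports a secrets.token that is not ignored, any token-looking string inside secrets.json, and any configured directory whose .env file is not ignored. The function names, the "token" key in the sample and the sample values are constructed for illustration, and treating the generated .env files as files that must not be committed is an assumption of this example.

```javascript
// Added example, not part of gitlab-secrets-manager.
// Simplification: .gitignore lines are compared literally (no globs, no "!" negation).
const GITLAB_PAT = /glpat-[A-Za-z0-9_-]{20,}/; // GitLab personal access token prefix

// Constructed sample inputs; the "token" key and its value are made up for the demo.
const SAMPLE_SECRETS_JSON = JSON.stringify({
  projectId: 12345678,
  environment: "dev",
  token: "glpat-" + "EXAMPLEexample000000",
  directories: { "*": ["MY_SHARED_VAR"], "./frontend": "MY_FRONTEND_VAR", "./backend": ["MY_API_VAR"] },
});
const SAMPLE_GITIGNORE = "# local secrets\nsecrets.token\nfrontend/.env\n";

function isIgnored(ignored, path) {
  // A bare file name in .gitignore matches at any depth; otherwise require the full path.
  return ignored.has(path.split("/").pop()) || ignored.has(path) || ignored.has("/" + path);
}

function auditSecretsSetup(secretsJsonText, gitignoreText) {
  const findings = [];
  const ignored = new Set(
    gitignoreText.split(/\r?\n/).map((l) => l.trim()).filter((l) => l && !l.startsWith("#"))
  );
  const config = JSON.parse(secretsJsonText);

  if (!isIgnored(ignored, "secrets.token")) findings.push("secrets.token is not in .gitignore");

  // secrets.json is committed, so no string anywhere in it may look like a token.
  const walk = (value, key) => {
    if (typeof value === "string") {
      if (GITLAB_PAT.test(value)) findings.push(`secrets.json: "${key}" contains an access token`);
    } else if (value && typeof value === "object") {
      for (const [k, v] of Object.entries(value)) walk(v, k);
    }
  };
  walk(config, "(root)");

  // Each directory that receives a .env file must keep that file out of the repository.
  const dirs = Object.keys(config.directories || { ".": "*" }).filter((d) => d !== "*");
  for (const dir of dirs) {
    const rel = dir.replace(/^\.\/|^\.$/, "").replace(/\/+$/, "");
    const envPath = rel ? `${rel}/.env` : ".env";
    if (!isIgnored(ignored, envPath)) findings.push(`${envPath} is not in .gitignore`);
  }
  return findings;
}

console.log(auditSecretsSetup(SAMPLE_SECRETS_JSON, SAMPLE_GITIGNORE));
```

An empty result means all three checks passed. The example expects plain JSON, so a secrets.json that carries comments has to be stripped of them before it is passed in.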