The documentation on protected variables is pretty obscure. When I make a variable as protected I have to idea how to access it. No matter what I do it is always empty. I have tried base64 encoding it and then base64 encoding it again in the pipeline so I can see what it is and I get an empty string: Cg==. Can someone please explain how to use protected variables?
-
Are you trying this on a protected branch or tag in the CI environment?secustor– secustor2019-09-22 08:27:33 +00:00Commented Sep 22, 2019 at 8:27
-
No, on master branch which has been unprotectedJosh Woodcock– Josh Woodcock2019-09-22 13:13:50 +00:00Commented Sep 22, 2019 at 13:13
Add a comment
|
2 Answers
As @secustor wrote, it is not possible to access protected variables from a branch or tag that is not protected. The variable would be empty if accessed.
From here, two options:
Push to a protected branch or tag (set the branch/tag protected in Settings > Repository)
Mark the variable as not protected (in Settings > CI/CD, under "Variables")
Again, as mentioned by @secustor, there is a good reason behind this logic. You might not want all the developers in your team to be able to access these variables.
Comments
Protected variables are only available if there is a job on a protected branch or tag.
The reasoning behind this is to allow setups which prevent right escalations. E.g. Credentials for the testing environment for Developers on all branches and deployable credentials only on master/release branches. To add code to the second you need Maintainer rights. In this example, without protected variables, anyone with Developer rights could print the deploy credentials in their branch.
1 Comment
Josh Woodcock
Thanks. Can you please add the steps with screen shots to create and use a protected variable and I will accept your answer. I think your explanation while it may be accurate still does not show how to use protected variables