Logo
Deutsche Flagge
gitlab.git.nrw
Intro
CI/CD Fundamentals
Variables and Secrets in GitLab CI/CD Pipelines
Variables and Secrets in GitLab CI/CD Pipelines
Variable Usage in CI/CD Pipelines
Protected Variables
Masked variables
CI/CD Variable Security
Conclusion
git-vars package
Introduction to `git-vars`
Installing `git-vars` Locally
`git-vars` Configuration
Pulling Variables to Local
Pushing Variables to Local
Managing Project and Group level Environment Variables
Using Different Profiles
Role Based Access Control
Introduction to Role-Based Access Control (RBAC)
Implementing RBAC in GitLab
Best Practices for RBAC in GitLab
Conclusion
Protected Branches and Tags
Protected Branches and Tags in GitLab
Protected Branches and Tags in GitLab
Configuring Protected Branches in GitLab
Configuring Protected Tags in GitLab
Best Practices for Protected Branches and Tags
Conclusion
Security Templates
Security Templates in GitLab CI/CD
Security Templates in GitLab CI/CD
Types of Security Templates in GitLab
Auto DevOps Security Template
Secret Detection Template
Dependency Scanning Template
Static Application Security Testing (SAST) Template
Best Practices for Using Security Templates
Conclusion
Artifact Management
Advanced Artifact Management in GitLab CI/CD
Introduction to Advanced Artifact Management
Introduction to Advanced Artifact Management
Sharing and Versioning
Conclusion

CI/CD Fundamentals

Variable Usage in CI/CD Pipelines

< >

3. Usage of Variables in CI/CD Pipelines

Secret variables are injected as environment variables during pipeline execution, enabling you to securely use them in your CI/CD scripts or commands, without hard-coding them in the .gitlab-ci.ymlfile.

3.1. Step by Step Guide

1. Adding Variables to Your Project

  1. Navigate to your project in GitLab.

  2. Go to Settings > CI/CD.

  3. Expand the Variables section.

    variables.png

  4. Click on Add variable.

  5. Enter the Key and Value for the variable.

  • We will create 2 variables for this example:
    • Variable 1:
      • Key: NORMAL_VAR_1
      • Value: ThisIsNormalValue1
    • Variable 2:
      • Key: NORMAL_VAR_2
      • Value: ThisIsNormalValue2

add-variable.png

  1. Optionally, set the scope of the variable (Project-Level or Group-Level) and mark it as Protected or Masked.
    • Protected: Only available in protected branches or tags.
    • Masked: Prevents the variable’s value from being displayed in job logs.
    • Note: We will cover protected and masked variables in later lessons.
  2. Click Add variable to save the secret variable.

2. Using Variables in .gitlab-ci.yml

Once secret variables are added to your project, you can reference them directly within your .gitlab-ci.yml configuration file.

Example: Using a Secret Variable in a Job to Deploy an Application

deploy_production: 
  stage: deploy 
  script: 
    - deploy_script.sh $PRODUCTION_API_KEY 
  environment: 
    name: production 
  only: - master

In this example, $PRODUCTION_API_KEY is a secret variable injected into the deploy_script.sh script during pipeline execution.