Managing Secrets with GitLab CI
Because the advice "don't check your secrets into source control and then push them to a public repository" exists far more than any practical solutions to the problem, here's how I use GitLab CI to manage a few secrets for my Discord bot:
- Discord Bot Token (used to authenticate my bot)
- SSH Keys needed for deployment
Why do I need this?
Your secret keys and tokens should be kept secure. Anyone who discovers your Discord bot token can create a bot that logs in and acts as your bot. Hard-coding keys and tokens into a publicly available project means that anyone can pretend to be you and cause trouble.
Example: you can see my OLD Discord token in old commits. I've since revoked that token and updated it.
GitLab Secret Variables
GitLab CI has built-in support for two different kinds of secrets:
- Secret variables
- Protected secret variables
The difference between the two is that protected secret variables will only be passed to pipelines running on protected branches or protected tags.
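Because a protected variable is simply absent on an unprotected ref, a deploy job can fail in confusing ways when it runs there. The preflight check below is an added example, not code from the original post: it verifies that the secrets are present without printing their values. `DISCORD_BOT_TOKEN` and `SSH_PRIVATE_KEY` are assumed variable names and `check_ci_secrets` is a hypothetical helper; `CI_COMMIT_REF_PROTECTED` is GitLab's predefined variable.

```shell
#!/bin/sh
# Preflight check for a GitLab CI deploy job (added example).
# DISCORD_BOT_TOKEN and SSH_PRIVATE_KEY are assumed variable names; use
# whatever names you configured in the project's CI/CD settings.

# check_ci_secrets NAME...
# Returns 0 when every named variable is set and non-empty, 1 when any is
# missing, 2 on an invalid name. Only names are printed, never values.
check_ci_secrets() {
    missing=""
    for name in "$@"; do
        # Reject anything that is not a plain variable name before eval.
        case "$name" in
            ''|[0-9]*|*[!A-Za-z0-9_]*)
                echo "invalid variable name: $name" >&2
                return 2 ;;
        esac
        eval "value=\${$name:-}"
        [ -n "$value" ] || missing="$missing $name"
    done
    unset value
    [ -z "$missing" ] && return 0

    echo "missing CI variables:$missing" >&2
    # CI_COMMIT_REF_PROTECTED is "true" when the job runs for a protected
    # branch or tag; otherwise protected variables are not passed to it.
    if [ "${CI_COMMIT_REF_PROTECTED:-false}" != "true" ]; then
        echo "hint: this ref is not protected, so protected variables were not passed to the job" >&2
    fi
    return 1
}

# Constructed demo: the values below are dummies, not real credentials.
if ( DISCORD_BOT_TOKEN=dummy SSH_PRIVATE_KEY=dummy
     check_ci_secrets DISCORD_BOT_TOKEN SSH_PRIVATE_KEY ); then
    echo "secrets present, deploy may continue"
fi
```

Calling the function as the first line of a deploy job's script stops the job before any step tries to use an empty token or key.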