Gitlab-runner environment variables hidden not working without white spaces Mend Renovate - Stack Overflow

admin2025-04-18  4

When I configure the gitlab env variable RENOVATE_GIT_PRIVATE_KEY I want to configure it as masked and hidden, so I remove whitespaces and line breaks, -----BEGIN PGP PRIVATE KEY BLOCK----- and -----END PGP PRIVATE KEY BLOCK-----, and I get the following error:

ExecError: Command failed: gpg --batch --no-tty --import /tmp/git-private-gpg.key\ngpg: no valid OpenPGP data found.\ngpg: Total number processed: 0

When I configure the same gpg key as a visible variable, like this, it works:

-----BEGIN PGP PRIVATE KEY BLOCK-----
lQcYBGeY2+0BEADNxZwFoLPU13ZQ4QqYPa5ZAtO2pGSVeHjWOj0EJmJNhySV/mXp
IjhDOX09ObpUg2AvPSHdA3uG7f764K10GI2SEg0iyzZZoKpGJlbakvwgnl1eR8D/
...
-----END PGP PRIVATE KEY BLOCK-----

Gitlab version: v17.6.1-ee

Asked Jan 29 at 11:13 by Wojciech Rak
  • The variable content should be the same no matter if you set it as hidden/masked or not. Why are you removing the begin/end lines? – Gaël J Commented Jan 30 at 20:53
  • Also what command are you running? What does your GitLab CI file look like? – Gaël J Commented Jan 30 at 20:53
  • @GaëlJ Only Visible gitlab variables could contain whitespaces like linebreak and spaces. For masked/hidden I get: This value cannot be masked because it contains the following characters: whitespace characters. – Wojciech Rak Commented Jan 31 at 20:44
  • @GaëlJ I have separate project for renovate runner: gitlab.com/gitlab-com/gl-infra/renovate/renovate-runner and in main project I include it: include: - project: '../renovate-bot' ref: main file: '/templates/renovate.gitlab-ci.yml' and use: renovate: stage: deploy extends: .renovate – Wojciech Rak Commented Jan 31 at 20:45
1 Answer

Consider using Gitlab CI variables of the file type. These are perfect for anything that you would usually put into a file, such as PGP/SSH keys.

The way they work is a little convoluted: when the variable is referenced in the script section anywhere in your pipeline, Gitlab creates a temporary file with the content equal to the value of the CI/CD variable you originally defined. The name of the variable is used to define an environment variable in the context of the script section, and the value of that environment variable is an absolute path to the temporary file mentioned above.

So, when you create a CI/CD variable RENOVATE_GIT_PRIVATE_KEY, choose "File" as the variable type, set the value to

-----BEGIN PGP PRIVATE KEY BLOCK-----
lQcYBGeY2+0BEADNxZwFoLPU13ZQ4QqYPa5ZAtO2pGSVeHjWOj0EJmJNhySV/mXp
IjhDOX09ObpUg2AvPSHdA3uG7f764K10GI2SEg0iyzZZoKpGJlbakvwgnl1eR8D/
...
-----END PGP PRIVATE KEY BLOCK-----

and later reference this CI/CD variable RENOVATE_GIT_PRIVATE_KEY anywhere in the script section, Gitlab will create a temporary file (e.g. /tmp/gitlab-tmp-29837492837), write the -----BEGIN PGP PRIVATE KEY BLOCK-----.... text to that file, then create an environment variable called RENOVATE_GIT_PRIVATE_KEY whose value is set to /tmp/gitlab-tmp-29837492837.
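
Added example, not part of the answer above and not Renovate's or GitLab's own code: a POSIX shell helper that a job script could use to accept RENOVATE_GIT_PRIVATE_KEY either as a File-type variable (the value is a path) or as inline key text, and to reject a value whose armor lines and line breaks were stripped before gpg ever sees it. The function names `resolve_key` and `write_key_file` and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. SAMPLE_KEY is a constructed
# placeholder in armor layout, not a real key.
SAMPLE_KEY='-----BEGIN PGP PRIVATE KEY BLOCK-----

Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLUtFWQ==
-----END PGP PRIVATE KEY BLOCK-----'

# resolve_key VALUE: print the armored key text, or return 1.
# VALUE is either a path (File-type variable) or the key text itself.
resolve_key() {
    if [ -f "$1" ] && [ -r "$1" ]; then
        key=$(tr -d '\r' < "$1")               # File type: value is a path
    else
        key=$(printf '%s' "$1" | tr -d '\r')   # Variable type: value is the key
    fi
    # A value flattened to pass the masking rules has no armor lines, which
    # is the input that makes gpg report "no valid OpenPGP data found".
    first=$(printf '%s\n' "$key" | sed -n '1p')
    last=$(printf '%s\n' "$key" | sed -n '$p')
    [ "$first" = "-----BEGIN PGP PRIVATE KEY BLOCK-----" ] || return 1
    [ "$last" = "-----END PGP PRIVATE KEY BLOCK-----" ] || return 1
    printf '%s\n' "$key"
}

# write_key_file VALUE: store the validated key in a private temp file and
# print its path, ready for: gpg --batch --no-tty --import "$path"
write_key_file() {
    text=$(resolve_key "$1") || { echo "not an armored PGP private key" >&2; return 1; }
    out=$(mktemp) || return 1                  # mktemp creates the file mode 0600
    printf '%s\n' "$text" > "$out"
    printf '%s\n' "$out"
}

# Demo with the constructed sample, simulating a File-type variable.
demo_file=$(mktemp)
printf '%s\n' "$SAMPLE_KEY" > "$demo_file"
RENOVATE_GIT_PRIVATE_KEY=$demo_file
keyfile=$(write_key_file "$RENOVATE_GIT_PRIVATE_KEY") && echo "key staged at $keyfile"
rm -f "$demo_file" "$keyfile"
```

The helper fails early with a clear message when the value has been flattened, instead of surfacing later as a gpg import error.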
