Exporting secure variable as an artifact exposes the variable in plaintext

XMLWordPrintable

    • Severity 3 - Minor

      Issue Summary

      • We have discovered that echoing a secured variable into an artifact exposes this in plaintext when the artifact is downloaded
      • I have tested this on my end and was able to reproduce the problem

      Steps to Reproduce

      1. Create a build step with the following code: 
        - step:
    script:
      - echo $VAR >> var.txt
    artifacts:
      - var.txt
      2. Execute the build and download the resulting artifact, the secured variable shows in plaintext without any encryption/censoring

      Expected Results

      • The secured variable is not exposed in the artifact

      Actual Results

      • The secured variable is exposed in the artifact

      Workaround

      Currently, there is no known workaround for this behavior. A workaround will be added here when available.

            Assignee:
            Unassigned
            Reporter:
            Ben
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: