Exporting secure variable as an artifact exposes the variable in plaintext

XMLWordPrintable

    • Severity 3 - Minor

      Issue Summary

      • We have discovered that echoing a secured variable into an artifact exposes this in plaintext when the artifact is downloaded
      • I have tested this on my end and was able to reproduce the problem

      Steps to Reproduce

      1. Create a build step with the following code: 
        - step:
    script:
      - echo $VAR >> var.txt
    artifacts:
      - var.txt
      2. Execute the build and download the resulting artifact, the secured variable shows in plaintext without any encryption/censoring

      Expected Results

      • The secured variable is not exposed in the artifact

      Actual Results

      • The secured variable is exposed in the artifact

      Workaround

      Currently, there is no known workaround for this behavior. A workaround will be added here when available.

              Assignee:
              Unassigned
              Reporter:
              Ben
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: