Has Anyone Integrated Passbolt with GitLab CI/CD Secrets?

Hi all,

I’m working on tightening secrets management in our CI/CD pipelines and wondered if anyone has integrated Passbolt with GitLab CI/CD variables—either directly or via an intermediate script/tool?

We currently use GitLab’s built-in secrets, but would prefer to pull secrets securely from Passbolt to reduce duplication and improve auditing.

If anyone has tips, workflows, or even just gotchas to avoid, I’d love to hear how you approached it.

Cheers,
Jhonn Mick

Hello @jhonnmick,

We published a blog post a while ago, I reckon most of it should still be applicable today: https://www.passbolt.com/blog/gitlab-ci-cd-and-passbolt-secrets-automation

One tip I have is to be careful about the frequency at which you’re pulling the secrets. E.g. if you pull every second or multiple times per second, there will be an equivalent number of log entries. We have a task to prune secret access in this context, but in the meantime, something to think about :).

Feel free to give it a try and post your feedback and suggestions for improvement if any, we’re very keen on improving that part of passbolt.

Cheers,

Hello! Have you ever been able to integrate Passbolt CE with GitLab? Sorry, that process in the link doesn’t seem to work at all. Nevertheless, this secret manager tool seems to be a wonderful tool. I just want to see how to integrate it into GitLab to test the CI/CD capabilities. Is there any other tutorial? Maybe the UI version of the process?

Hi @AlbertoGhub

There is unfortunately no UI for this process. You need a custom GitLab runner as described in the blog post.

Cheers,

Understood… Thanks for the answer… I don’t find any specification on the GitLab runner (I have a custom one). The config is not shown in the post, so can I assume it is just a custom one?