Global secrets in CircleCI like those found in GitLab?

Before getting deep into the CircleCI docs, I thought maybe the community could advise.

Currently, we’re on GitHub, but we discovered that there are lots of really poor limitations with shared workflows… 1st and foremost, a shared workflow has to be public and its logs are also potentially public… but also the secrets need to be fed directly from the parent.

The GitHub result would be if we continued:

  • 30+* services manually set up to inject secrets 1 by 1 into a common workflow. Not really scalable, and time-consuming to update and generally maintain.

When compared to GitLab this is insane. In GitLab, you can set group secrets that are inherited by all children in the group… so 1 shared GitLab yml file can do 80% of the common tasks and picks up secrets controlled from 1 point. This makes management much more efficient… each service just now includes the common file without additional settings.

The issue we are looking at:

  • GitHub is out; this shared-workflow set of limitations just does not work for us. We’ve waited 6 months but there is zero movement on the topic.
  • GitLab does it all, but it comes with a price tag we as a small company cannot justify… 20 per head per month.

Does CircleCI work the same way as GitLab? Can we configure a single shared config that can access common secrets, or do we need to do the same in CircleCI as in GitHub and pass secrets in 1 by 1?

CircleCI does not have a built-in ‘advanced’ secrets management tool. What it does have is an environment variable list per project, and then what are called ‘Context’ lists that can be injected into the workflow at runtime. You can read the detail here:

https://circleci.com/docs/2.0/contexts/

To be honest, I’ve not made any use of contexts, as my secrets/variable management is held within the third-party tool from doppler.com, which can sync content to project environment variables while providing a lot more control over the values, as I can then pass them to other processes.
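
A sketch of how a context is attached to a job in a workflow, added here as an example and not taken from either poster's setup. The context name `shared-secrets`, the variable `DEPLOY_TOKEN`, the script `./scripts/deploy.sh` and the `main` branch filter are assumptions; the context itself is created once at the organization level, and each project's config only references it by name.

```yaml
# .circleci/config.yml (added example; names marked hypothetical are assumptions)
version: 2.1

jobs:
  deploy:
    docker:
      - image: cimg/base:stable
    steps:
      - checkout
      - run:
          name: Verify the context secret is present without printing it
          command: |
            # DEPLOY_TOKEN is a hypothetical variable stored in the context.
            # Fail early if it was not injected; never echo its value.
            test -n "${DEPLOY_TOKEN:-}" || {
              echo "DEPLOY_TOKEN missing: is the context attached to this job?" >&2
              exit 1
            }
      - run:
          name: Deploy
          # Hypothetical script; it reads DEPLOY_TOKEN from the environment.
          command: ./scripts/deploy.sh

workflows:
  release:
    jobs:
      - deploy:
          # Hypothetical context name. Its variables are injected into
          # this job's environment at runtime.
          context:
            - shared-secrets
          # Only attach the secrets to jobs running on the main branch.
          filters:
            branches:
              only: main
```

Attaching the context per job rather than to every job in the workflow keeps the secrets out of build and test steps that do not need them.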