GitLab Native Secrets Manager

Introduction

A secrets manager is a centralized tool that stores and manages sensitive information throughout its lifecycle.

Current State of Secrets Management within GitLab

GitLab currently does not have a native secrets manager, requiring users to rely on third-party solutions which can be resource-prohibitive.

About the GitLab Secrets Manager

The GitLab secrets manager will be integrated within the GitLab DevSecOps platform, allowing customers to securely store sensitive credentials and reduce the risk of information leaks.

Initial Release Focus

The native secrets manager will initially focus on bringing secrets management to the CI workflow before expanding to other workflows within GitLab. It will prioritize using an open-source secrets manager with a user-friendly GitLab UI.

Aligning with GitLab Security

The secrets manager will integrate seamlessly with existing security capabilities, automatically managing detected secrets, access tokens, and deploy keys. Compliance features will enhance audit logging for better transparency.

Future Direction

While building a native secrets manager, GitLab remains committed to supporting existing third-party integrations with tools like Hashicorp's Vault, Azure Key Vault, and Google Secret Manager.

Conclusion

The GitLab native secrets manager aims to enhance software supply chain security by simplifying secrets management within the GitLab ecosystem, providing users with a comprehensive and user-friendly solution.