Merge branch 'variables-build-log' into 'master'

Add notice about variables in build log

Related to: https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/1942

[ci skip]

See merge request !2761

app/views/projects/variables/show.html.haml

@@ -3,9 +3,11 @@
   Secret Variables
 
 %p.light
-  These variables will be set to environment by the runner and will be hidden in the build log.
+  These variables will be set to environment by the runner.
   %br
   So you can use them for passwords, secret keys or whatever you want.
+  %br
+  The value of the variable can be visible in build log if explicitly asked to do so.
 
 %hr
 

config/application.rb

@@ -31,7 +31,7 @@ module Gitlab
     config.encoding = "utf-8"
 
     # Configure sensitive parameters which will be filtered from the log file.
-    config.filter_parameters.push(:password, :password_confirmation, :private_token, :otp_attempt)
+    config.filter_parameters.push(:password, :password_confirmation, :private_token, :otp_attempt, :variables)
 
     # Enable escaping HTML in JSON.
     config.active_support.escape_html_entities_in_json = true

doc/ci/variables/README.md

@@ -77,9 +77,12 @@ More information about Docker integration can be found in [Using Docker Images](
 
 GitLab CI allows you to define per-project **Secure Variables** that are set in build environment. 
 The secure variables are stored out of the repository (the `.gitlab-ci.yml`).
-These variables are securely stored in GitLab CI database and are hidden in the build log.
+The variables are securely passed to GitLab Runner and are available in build environment.
 It's desired method to use them for storing passwords, secret keys or whatever you want.
 
+**The value of the variable can be shown in build log if explicitly asked to do so.**
+If your project is public or internal you can make the builds private.
+
 Secure Variables can added by going to `Project > Variables > Add Variable`.
 
 They will be available for all subsequent builds.