CI/CD on totoroot's bloghttps://blog.thym.at/tags/ci/cd/Recent content in CI/CD on totoroot's blogHugo -- gohugo.ioen-usTue, 03 Mar 2026 17:17:10 +0100Masked GitLab CI variables need at least 8 charactershttps://blog.thym.at/p/gitlab-masked-vars-min-length/Tue, 03 Mar 2026 17:17:10 +0100https://blog.thym.at/p/gitlab-masked-vars-min-length/<h1 id="masked-gitlab-ci-variables-need-at-least-8-characters">Masked GitLab CI variables need at least 8 characters </h1><p>Today I ran into a small GitLab CI gotcha.</p> <p>I wanted to store an SSH port as a <strong>masked</strong> CI/CD variable, but GitLab rejected it because masked values must satisfy stricter validation rules (including minimum length).</p> <p>A short numeric port value can fail that check.</p> <p>Related discussion: <a class="link" href="https://gitlab.com/gitlab-org/gitlab/-/work_items/465258" target="_blank" rel="noopener" >https://gitlab.com/gitlab-org/gitlab/-/work_items/465258</a></p> <h2 id="workaround">Workaround </h2><p>Store a padded masked variable, then normalize it in CI.</p> <p>Example:</p> <ul> <li><code>DEPLOY_PORT_MASKED=00023456</code> (masked, 8 chars)</li> <li>Convert it back to an integer in the job:</li> </ul> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl"><span class="nv">DEPLOY_PORT</span><span class="o">=</span><span class="s2">&#34;</span><span class="k">$((</span><span class="m">10#</span><span class="nv">$DEPLOY_PORT_MASKED</span><span class="k">))</span><span class="s2">&#34;</span> </span></span><span class="line"><span class="cl"><span class="nb">export</span> DEPLOY_PORT </span></span></code></pre></div><p>Then use <code>DEPLOY_PORT</code> normally:</p> <div class="highlight"><pre tabindex="0" class="chroma"><code class="language-sh" data-lang="sh"><span class="line"><span class="cl">ssh -p <span class="s2">&#34;</span><span class="nv">$DEPLOY_PORT</span><span class="s2">&#34;</span> ... </span></span></code></pre></div><h2 id="why-10-matters">Why <code>10#</code> matters </h2><p><code>10#</code> forces base-10 parsing and safely strips leading zeros. Without it, shell arithmetic can misinterpret leading-zero numbers in some cases.</p> <h2 id="result">Result </h2><p>I can keep the value masked in GitLab and still use the intended port at runtime.</p>