diff options
Diffstat (limited to 'doc/user/project/integrations/harbor.md')
-rw-r--r-- | doc/user/project/integrations/harbor.md | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/doc/user/project/integrations/harbor.md b/doc/user/project/integrations/harbor.md index da35f0dc226..535703ff59e 100644 --- a/doc/user/project/integrations/harbor.md +++ b/doc/user/project/integrations/harbor.md @@ -25,7 +25,7 @@ In the Harbor instance, ensure that: GitLab supports integrating Harbor projects at the group or project level. Complete these steps in GitLab: -1. On the top bar, select **Menu > Projects** and find your project. +1. On the top bar, select **Main menu > Projects** and find your project. 1. On the left sidebar, select **Settings > Integrations**. 1. Select **Harbor**. 1. Turn on the **Active** toggle under **Enable Integration**. @@ -42,7 +42,9 @@ After the Harbor integration is activated: - The global variables `$HARBOR_USERNAME`, `$HARBOR_HOST`, `$HARBOR_OCI`, `$HARBOR_PASSWORD`, `$HARBOR_URL`, and `$HARBOR_PROJECT` are created for CI/CD use. - The project-level integration settings override the group-level integration settings. -## Secure your requests to the Harbor APIs +## Security considerations + +### Secure your requests to the Harbor APIs For each API request through the Harbor integration, the credentials for your connection to the Harbor API use the `username:password` combination. The following are suggestions for safe use: @@ -51,6 +53,12 @@ the `username:password` combination. The following are suggestions for safe use: - Follow the principle of least privilege (for access on Harbor) with your credentials. - Have a rotation policy on your credentials. +### CI/CD variable security + +Malicious code pushed to your `.gitlab-ci.yml` file could compromise your variables, including +`$HARBOR_PASSWORD`, and send them to a third-party server. For more details, see +[CI/CD variable security](../../../ci/variables/index.md#cicd-variable-security). + ## Examples of Harbor variables in CI/CD ### Push a Docker image with kaniko |