Working with GitLab Secure Files feature

[Ian2020]

Hi,

First thanks for making this tool, it's so useful and saving me a lot of time.

I am using GitLab's project-level secure files feature. Essentially you add an extra step to your build process and secure files (uploaded separately in GitLab UI) magically appear in $CWD/.secure_files during the CI build. This only works on the real GitLab runner of course as an auth token they inject has to be present to fetch the secure files.

My first thought to make this work with gitlab-ci-local is to use an extra volume (I am using container builds):

gitlab-ci-local --volume "/path/to/local/secure/files/:/gcl-builds/.secure_files/:ro"

...then in my build I make sure to skip the secure files download if the dir already exists:

( test -d .secure_files && echo "SKIPPED .secure_files dir present" ) || \
  curl --silent "https://gitlab.com/gitlab-org/incubation-engineering/mobile-devops/download-secure-files/-/raw/main/installer" | bash

I couldn't find any existing discussion of secure files here so thought I drop this note in case it helps someone else or there's a better way?

[Ian2020]

Since #1489 (May 2025) this now needs to be:

gitlab-ci-local --volume "/path/to/local/secure/files/:/builds/[REMOTE-GROUP]/[REMOTE-PROJECT]/.secure_files/:ro"

...where REMOTE-GROUP is the full group in GitLab and and REMOTE-PROJECT is the project name. Or you can set CI_BUILDS_DIR back to what it was before:

gitlab-ci-local --variable CI_BUILDS_DIR=/gcl-builds --volume "/path/to/local/secure/files/:/gcl-builds/.secure_files/:ro"