Skip to main content
Create or update a GitLab CI/CD variable on a project without leaving the terminal. The command resolves the target project from the origin remote in .git/config in the current directory, reads your saved token, and calls the GitLab API to create the variable — or update it in place when the key already exists. The variable is masked so its value is hidden in job logs. When it finishes, it prints the project’s CI/CD settings URL where the variable can be seen. Pushing a variable requires a GitLab token saved with gitlab:credentials:create. The token (a Personal Access Token with the api scope) is read from ~/.talos/credentials/gitlab.yml.
The host is taken from the origin remote, so self-managed GitLab instances work too — a git@gitlab.example.com:group/app.git remote targets https://gitlab.example.com/api/v4. Nested subgroup paths (group/subgroup/project) are supported.

Usage

talos gitlab:secret:push [options]
Run this from inside the repository whose variable you want to set — the project path is taken from that repository’s origin remote.

Examples

Run with no flags to be prompted for the variable name and value (the value input is hidden):
talos gitlab:secret:push
Provide the name and value non-interactively (useful in CI):
talos gitlab:secret:push --name=DEPLOY_TOKEN --value="$DEPLOY_TOKEN"

Options

OptionDescriptionDefault
--nameName (key) of the CI/CD variable to create or update.Prompted if omitted
--valueValue to store for the variable.Prompted (hidden) if omitted
--silentSuppress the spinner, success message, and settings URL.false
The command fails if it cannot find a GitLab token, cannot determine the project from .git/config, or the GitLab API rejects the request. Because the variable is created masked, the value must satisfy GitLab’s masking requirements — the API error explains what to fix when it does not.