Is there a way to mask Gitlab environment variables outside of the UI

I am trying to mask dynamically retrieved and set tokens during Gitlab CI pipelines, however, the only way I can see masking being set is predefined pipeline variables.

Is there a way to flag a variable during the pipeline as masked? I SWEAR I had seen something like this in the past, but for the life of me I cannot find it.

export SECRET=$(get secret somehow)
echo $SECRET #secrettext

Is there a way to mask this on the fly?

Solution

No, GitLab CI doesn't offer this feature. You cannot dynamically register additional values for masking in the job log. GitLab will only mask CICD variables marked for masking in the project settings or values defined and retrieved through the secrets keyword (e.g., Vault secrets).

I SWEAR I had seen something like this in the past

You may be thinking of the add-mask feature in GitHub Actions.

How can I prevent SQL injection in PHP?
How/why is login page redirect required?
Do Electron apps enforce CORS restrictions in the renderer process?
How can i use a reverse shell over global Internet?
Should I Manually Patch the Pandas DataFrame.query() Vulnerability or Wait for an Official Update?
C# - Securely storing a password locally
how to secure keys for API calls from android device to amazon services
Should I add application.properties to .gitignore if the Git repository is private and both the server and DB are on an internal network?
Understanding the port numbers of a network connection strings in systemd output of an ubuntu device
Disable firefox same origin policy
SecurityError: Blocked a frame with origin from accessing a cross-origin frame
Securely decoding a Base64 character array in Java
Is There a Security Risk Using ADB Over TCP/IP for Wireless App Development in Expo?
Is it a good idea to distribute docker image containing my selfsigned certificate?
Is it possible to externalize nested components
How can I make a file trully immutable (non-deletable and read-only)?
Buzz words in architecture document
Docker and securing passwords
Security implications of adding all domains to CORS (Access-Control-Allow-Origin: *)
Is it possible to browse a spreadsheet when an importrange has been authorized?
Wordpress ==> SSL ==> MySQL is this configuration possible?
How to Create Secure(TLS/SSL) Websocket Server
Attackers might be trying to steal your information from (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID
openapi generator unauthorized 401 via $ref url in yaml
Deploying a Mercurial Repository to Production - Security Concerns and Tips
How to find tables using row access policies in Snowflake
Issue with CORS origin linked to API key
How to track hacking attempts on a website
Encrypting AES key with RSA public key
Why Does OAuth v2 Have Both Access and Refresh Tokens?