From 7bb8286562b38525ef7fc2140ae84768c7555cb9 Mon Sep 17 00:00:00 2001
From: Steve Azzopardi <steveazz@outlook.com>
Date: Sun, 28 Apr 2019 22:55:04 +0000
Subject: [PATCH] Clarify masked variables docs

- Add note that must contain only letters, numbers, underscore
- Add example of escape characters
- Add regex used for validation

closes https://gitlab.com/gitlab-org/gitlab-ce/issues/60785
---
 doc/ci/variables/README.md | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/doc/ci/variables/README.md b/doc/ci/variables/README.md
index 9983b015b31..6313ffc584d 100644
--- a/doc/ci/variables/README.md
+++ b/doc/ci/variables/README.md
@@ -143,14 +143,16 @@ This means that the value of the variable will be hidden in job logs,
 though it must match certain requirements to do so:
 
 - The value must be in a single line.
-- The value must not have escape characters.
+- The value must contain only letters, numbers, or underscores.
+- The value must not have escape characters, such as `\"`
 - The value must not use variables.
 - The value must not have any whitespace.
 - The value must be at least 8 characters long.
 
-If the value does not meet the requirements above, then the CI variable will fail to save.
-In order to save, either alter the value to meet the masking requirements
-or disable `Masked` for the variable.
+The above rules are validated using the regex `/\A\w{8,}\z/`. If the value
+does not meet the requirements above, then the CI variable will fail to save.
+In order to save, either alter the value to meet the masking requirements or
+disable `Masked` for the variable.
 
 ### Syntax of environment variables in job scripts