gitlab-org--gitlab-foss/doc/user/project/issues/confidential_issues.md

4.7 KiB

stage group info
Plan Project Management To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments

Confidential issues (FREE)

Confidential issues are issues visible only to members of a project with sufficient permissions. Confidential issues can be used by open source projects and companies alike to keep security vulnerabilities private or prevent surprises from leaking out.

Making an issue confidential

You can make an issue confidential during issue creation or by editing an existing one.

When you create a new issue, a checkbox right below the text area is available to mark the issue as confidential. Check that box and hit the Create issue button to create the issue. For existing issues, edit them, check the confidential checkbox and hit Save changes.

Creating a new confidential issue

Modifying issue confidentiality

There are two ways to change an issue's confidentiality.

The first way is to edit the issue and toggle the confidentiality checkbox. After you save the issue, the confidentiality of the issue is updated.

The second way is to locate the Confidentiality section in the sidebar and click Edit. A popup should appear and give you the option to turn on or turn off confidentiality.

Turn off confidentiality Turn on confidentiality
Turn off confidentiality Turn on confidentiality

Every change from regular to confidential and vice versa, is indicated by a system note in the issue's comments.

Confidential issues system notes

Indications of a confidential issue

There are a few things that visually separate a confidential issue from a regular one. In the issues index page view, you can see the eye-slash ((eye-slash)) icon next to the issues that are marked as confidential:

Confidential issues index page

If you don't have enough permissions, you cannot see confidential issues at all.


Likewise, while inside the issue, you can see the eye-slash icon right next to the issue number. There is also an indicator in the comment area that the issue you are commenting on is confidential.

Confidential issue page

There is also an indicator on the sidebar denoting confidentiality.

Confidential issue Not confidential issue
Sidebar confidential issue Sidebar not confidential issue

Merge requests for confidential issues

Although you can make issues be confidential in public projects, you cannot make confidential merge requests. Learn how to create merge requests for confidential issues that prevent leaks of private data.

Permissions and access to confidential issues

There are two kinds of level access for confidential issues. The general rule is that confidential issues are visible only to members of a project with at least the Reporter role. However, a guest user can also create confidential issues, but can only view the ones that they created themselves.

Confidential issues are also hidden in search results for unprivileged users. For example, here's what a user with the Maintainer role and the Guest role sees in the project's search results respectively.

Maintainer role Guest role
Confidential issues search by maintainer Confidential issues search by guest