As mentioned in this thread on GitLab's bug tracker, the issue can arise when carriage return characters (\r) are added to the variable (a.k.a. "secret"). This can be worked around by piping to tr -d "\r" to delete these characters, leaving the SSH key correctly formed.
An example in your CI would be:
ssh-add <(echo "${SSH_priv_key_b64}" | base64 --decode | tr -d "\r")Note that base 64 encoding is necessary to use an SSH key with the "masked" and "protected" properties.
