diff --git a/ExpressAPI/src/managers/GitlabManager.ts b/ExpressAPI/src/managers/GitlabManager.ts
index 74180c495f713256146c38afa7039e7aac941fe9..9bc2e876a8989befea92474bed0a78d6fd18aba7 100644
--- a/ExpressAPI/src/managers/GitlabManager.ts
+++ b/ExpressAPI/src/managers/GitlabManager.ts
@@ -91,6 +91,18 @@ class GitlabManager {
         return response.data;
     }
 
+    async addRepositoryVariable(repoId: number, key: string, value: string, isProtected: boolean, isMasked: boolean): Promise<GitlabMember> {
+        const response = await axios.post<GitlabMember>(this.getApiUrl(GitlabRoutes.REPOSITORY_VARIABLES_ADD).replace('{{id}}', String(repoId)), {
+            key          : key,
+            variable_type: 'env_var',
+            value        : value,
+            protected    : isProtected,
+            masked       : isMasked
+        });
+
+        return response.data;
+    }
+
     async checkTemplateAccess(idOrNamespace: string, req: ApiRequest): Promise<StatusCodes> {
         // Get the Gitlab project and check if it have public or internal visibility
         try {
@@ -121,6 +133,18 @@ class GitlabManager {
 
         return isUsersAtLeastReporter.user && isUsersAtLeastReporter.dojo ? StatusCodes.OK : StatusCodes.UNAUTHORIZED;
     }
+
+    async protectBranch(repoId: number, branchName: string, allowForcePush: boolean, allowedToMerge: GitlabAccessLevel, allowedToPush: GitlabAccessLevel, allowedToUnprotect: GitlabAccessLevel): Promise<GitlabMember> {
+        const response = await axios.post<GitlabMember>(this.getApiUrl(GitlabRoutes.REPOSITORY_BRANCHES_PROTECT).replace('{{id}}', String(repoId)), {
+            name                  : branchName,
+            allow_force_push      : allowForcePush,
+            merge_access_level    : allowedToMerge.valueOf(),
+            push_access_level     : allowedToPush.valueOf(),
+            unprotect_access_level: allowedToUnprotect.valueOf()
+        });
+
+        return response.data;
+    }
 }
 
 
diff --git a/ExpressAPI/src/routes/ExerciceRoutes.ts b/ExpressAPI/src/routes/ExerciceRoutes.ts
index 84e6cba7279177094eaf6fe335e651f29b8c7d4a..f07dbd0ce3a68e8234763fe0d25b427cd326b4a2 100644
--- a/ExpressAPI/src/routes/ExerciceRoutes.ts
+++ b/ExpressAPI/src/routes/ExerciceRoutes.ts
@@ -57,6 +57,12 @@ class ExerciceRoutes implements RoutesManager {
         do {
             try {
                 repository = await GitlabManager.forkRepository((enonce.gitlabCreationInfo as unknown as GitlabRepository).id, this.getExerciceName(enonce, params.members, suffix), this.getExercicePath(req.boundParams.enonce, exerciceId), Config.exercice.default.description.replace('{{ENONCE_NAME}}', enonce.name), Config.exercice.default.visibility, Config.gitlab.group.exercices);
+
+                await GitlabManager.protectBranch(repository.id, '*', false, GitlabAccessLevel.DEVELOPER, GitlabAccessLevel.DEVELOPER, GitlabAccessLevel.DEVELOPER);
+
+                await GitlabManager.addRepositoryVariable(repository.id, 'DOJO_EXERCICE_ID', exerciceId, false, true);
+                await GitlabManager.addRepositoryVariable(repository.id, 'DOJO_SECRET', secret, false, true);
+
                 break;
             } catch ( error ) {
                 if ( error instanceof AxiosError ) {