Can Global Site Settings >> Shared Environment Variables be used as “secrets” for individual sites/deploys?
We have many, many API keys. Some are more sensitive than others. The environment variables in the individual sites are a bit too visible to all collaborators.
It seems that Global Site Settings >> Shared Environment Variables are not visible to the “collaborator” role in the GUI, and are not visible to collaborators via npx netlify env:list.
I don’t know if the Global Site Settings >> Shared Environment Variables can be used by “collaborators” running npx netlify build locally though.
Hey @moop-moop,
My colleague and I set up a demo of this where she made me a collaborator of her team and set global environment variables. We confirmed that she was able to access those variables as account owner but I was not able to access them in the UI or locally with netlify env:list or netlify build. Let us know if that addresses your concerns or if there’s anything else we can do to help!
@moop-moop,
Wanted to elaborate on this since I touched base with the product manager who works on our build system: while the global variables are not available to collaborators to print locally, it is still not secure to use our global environment variables in the way you’re asking about. Aside from our sensitive variable policy, our git-based deploys don’t have a concept of who is triggering the deploy, and all deploys have access to the env variables they need in order to be built. A user with deploy access to your repo could add a console.log to print all env vars and those would appear in the deploy logs on Netlify.
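The deploy-log exposure described in the reply above can be checked for after the fact. The following is an added example, not part of the original thread and not Netlify tooling: a Node.js function that an account owner who knows the variable values could run over saved deploy log text to find lines where a value was printed. `findLeaks`, the variable names and the sample log are all constructed for illustration.

```javascript
// Added example: all names and sample data below are constructed.

// Forms a printed value may take in a log line: raw, base64, hex, URL-encoded.
function encodings(value) {
  const bytes = Buffer.from(value, "utf8");
  return new Set([
    value,
    bytes.toString("base64"),
    bytes.toString("hex"),
    encodeURIComponent(value),
  ]);
}

// Returns [{ name, line }] for every log line containing a secret value.
// Values shorter than minLength are skipped: they match ordinary log text.
function findLeaks(logText, secrets, minLength = 8) {
  const lines = logText.split(/\r?\n/);
  const findings = [];
  for (const [name, value] of Object.entries(secrets)) {
    if (typeof value !== "string" || value.length < minLength) continue;
    const needles = [...encodings(value)];
    lines.forEach((text, index) => {
      if (needles.some((needle) => text.includes(needle))) {
        findings.push({ name, line: index + 1 });
      }
    });
  }
  return findings;
}

// Constructed sample: variable values known to the account owner.
const SAMPLE_SECRETS = {
  PAYMENTS_API_KEY: "sk_test_constructed_0123456789",
  REGION: "eu", // too short to match reliably, skipped
};

// Constructed sample: deploy log text where a build script printed its environment.
const SAMPLE_LOG = [
  "10:01:02 PM: $ npm run build",
  "10:01:05 PM: { NODE_ENV: 'production', PAYMENTS_API_KEY: 'sk_test_constructed_0123456789' }",
  "10:01:06 PM: token=" + Buffer.from(SAMPLE_SECRETS.PAYMENTS_API_KEY).toString("base64"),
  "10:01:07 PM: Site is live",
].join("\n");

console.log(findLeaks(SAMPLE_LOG, SAMPLE_SECRETS));
```

A match means the value should be treated as exposed and rotated; an empty result only covers the encodings listed in `encodings`.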