While I agree with @coelmay that that is the easiest way to handle them, I understand your desire to keep them out of your repo. The only environment variables that go to functions (which handle our ISR) are anyway the ones shown in our UI.
So, if you are ok sticking variables in our UI, here’s a way to use selectively per branch:
- use a trick like this to make a context-specific deploy: [Support Guide] Conditional build/deploy behavior for context / branch on Netlify
- in the production deploys, change the variables used - e.g. “for a master build, use MASTER_ENDPOINT, and for any other build use DEV_ENDPOINT”.
This will allow your site to work differently for different branches without committing secrets to the repo.
It does not necessarily prevent your staging/etc deploys from accessing the $MASTER_ENDPOINT, but it should allow you to develop build logic to only use the correct endpoint in your code to achieve your goals in deploying 