Protecting API keys in environment variables

Would be great if you could nominate when creating an environment variable that it should be kept secret.

Flagging the variable as a secret could then have the following effects:

  • Filter the build log to mask the secret value if found (most secrets are hex/base64/simple-passwords so unlikely to have special encoding if accidentally emitted)
  • Make the secret write-only in the UI, i.e. users can see that there is a value configured and it’s name but not copy/view what the current value is.


1 Like

:+1: this request :100:

Especially, since there is some work going on in logging from what I read in another post:

1 Like