Would be great if you could nominate when creating an environment variable that it should be kept secret.
Flagging the variable as a secret could then have the following effects:
- Filter the build log to mask the secret value if found (most secrets are hex/base64/simple-passwords so unlikely to have special encoding if accidentally emitted)
- Make the secret write-only in the UI, i.e. users can see that there is a value configured and it’s name but not copy/view what the current value is.