Ability to quickly change visibility of environment variable value

As of now, In the Settings page, I have to delete an environment variable, reset it and make sure to turn on the Display value in build log setting.

I’d like it to be possible to simply click on an icon - an eye icon for example - to switch the visibility of the env var in the build log. Would save me some time.

Cheers.

Hey @Nick! Thanks so much for the suggestion - it’s an interesting one. I love the idea, but at this point, it’s a fairly difficult implementation as we treat our streaming and archived logs as a blob of text, so retroactively hiding a particular value is “interesting”… that said, we’re considering different ideas/improvements to logs - so we’ll definitely keep this in mind for the future. Super interested too, if others are curious about this feature as well. Thanks a ton for the recommendation!

I think @Nick meant flipping visibility for the new builds. As a replacement for the current remove-then-add-back flow. It’s much easier to implement.

Ahhhh… thanks @webknjaz - that makes good sense! Interesting… I like this idea! Will check back here to see if it’s possible to slot into potential env var improvements

2 Likes

Hi @Nick and @webknjaz! Thanks a lot for the suggestion and the follow-up!

Could you elaborate on an example in which this feature would be useful to you?

Secret environment variables are normally secret because they’re private, so making them public in the build log and then private again sounds like a potential unintended breach?

Would love to hear a bit more on your use-cases though :slight_smile: Let us know!

I have different example in which this kind of feature would be useful: I need the contents of a (secret) environment variable as I didn’t think to save it somewhere else before hand. Note that as I have access to the master branch of the repository in question, I could simply deploy a script that prints/transfers the environment variable to me, but the risks of a potential unintended breach are quite large in this scenario.

Perhaps some kind of warning like “are you sure you want to toggle the visibility here?” would be an option?

For this, no need to toggle visibility – it would be enough to just “show the value” in the UI.

I guess Travis (following Github) doesn’t include this as an additional layer of protection – since you are logged in automatically when you visit Travis’ site.
They could request Github’s password for this action like Github does when accessing some repository settings if that’s possible.

Any update on this ? Seems quite strange we’re able to enter (for instance) AWS keys for S3 access but then don’t have the option to see the contents (value) of this key… Now I have to create a new key on AWS, add it to the repository settings and hope I don’t make a mistake in the copying part :frowning:

That’s exactly what you’re supposed to do. Keys like this are intended to be as fine-grained as practical – ideally, each key with a single purpose. So that you can revoke it pronto at first sign of trouble and be sure you won’t affect anything else.


FWIW, you can print the contents of a secret envvar in a build if you do that in parts – since the filter only censors the full value.
I guess you can also print it in debug console.

Imprint