Restrict environment variables to specific branches

Something that has came up as a feature request, is being able to restrict environment variables to a specific branch or set of branches.

An initial implementation of this, is being able to protect environment variables through the web UI, so that they can only be used in specific branches:

For example, this might be helpful when you have different keys for production vs staging.

There were also a few resources explaining ways to work around this limitation:

How does this work for you? Let me know what you think!

I tried to use it today, but the env vars still showed up on the non-master build… cause pull reqs to master are master. Also, tagged branches often need secrets (because deployment). So it really needs to be a regex for stuff to work.