Something that has came up as a feature request, is being able to restrict environment variables to a specific branch or set of branches.
An initial implementation of this, is being able to protect environment variables through the web UI, so that they can only be used in specific branches: https://changelog.travis-ci.com/environment-variables-per-branch-109051
For example, this might be helpful when you have different keys for production vs staging.
There were also a few resources explaining ways to work around this limitation:
How does this work for you? Let me know what you think!