Why do you say I’m not using dpl v2? I followed those instructions, I added “edge: true”, and the build log shows the v2 gem being installed.
I tried printing the token, in whole rather than in part, and see only the literal string “[secure]”. I’m not sure if all log messages are filtered to prevent disclosure, even when I cat the npmrc file myself in my deploy script. Again, from my reading of the dpl v2 code the secure interpolation output seems like it should be using **** instead of “[secure]”.
Additionally, the script does seem to run my custom npm publish command, and support for a custom publish command with the npm provider doesn’t seem to exist in dpl v1.
So, again, I’m fairly certain I’m using v2, I’m somewhat convinced I’m seeing output that shows the literal value “[secure]” may be the value of the environment variable, rather than the decrypted value, and I’m at a loss for how to debug this.