Is currently possible to restrict access to secret env variables for some specific job step? Right now we have a case with certain job steps downloading scripts from external sources and it is important to ensure that those can’t possibly leak secret environment variables.
Only solution I can think of is to null all env vars explicitly:
steps: - run: name: Shady Step environment: MY_ALREADY_DEFINED_SECRET_VAR: dummy
Is there some way I can disable access to all secret vars without maintaining the list manually?