Marking specific job step as untrusted

envars
circle.yml
security

#1

Is currently possible to restrict access to secret env variables for some specific job step? Right now we have a case with certain job steps downloading scripts from external sources and it is important to ensure that those can’t possibly leak secret environment variables.

Only solution I can think of is to null all env vars explicitly:

    steps:
      - run:
          name: Shady Step
          environment:
            MY_ALREADY_DEFINED_SECRET_VAR: dummy

Is there some way I can disable access to all secret vars without maintaining the list manually?


#2