Branch Specific Secret Variables
I would like to be able to inject specific CI variables into the runner that are not available to other developers working in the same project. As the maintainer, I need to use deployment keys in the CI scripts and would like to utilize secret variables. Unfortunately, this allows someone to alter the deployment script on any branch, and deploy test code into the production environment. This action can be either malicious or even accidental. Imagine checking in a YAML change that accidentally removed the "only" clause from the deploy step.
This can be done by allowing the Owner/Master to create "branch variables" that are hidden. At least then I could lock the "production deployment keys" to the "production branch". Then only people with access to the branch itself would be able to use/see the variables, and it prevents other branches from accidentally being deployed.
Alternative default values can be provided for all other branches.
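A small model of the behaviour requested above, added here as an illustration; it is not part of the original post and not GitLab code. The class and function names, the placeholder key values, and the treatment of "only" as a list of exact branch names are assumptions.

```python
# Added illustration: a model of the proposed "branch variables".
# Class, function and variable names are hypothetical, not a GitLab API.
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class BranchVariable:
    key: str
    default: Optional[str] = None  # value seen by all other branches
    per_branch: Dict[str, str] = field(default_factory=dict)  # hidden overrides

    def resolve(self, branch: str) -> Optional[str]:
        return self.per_branch.get(branch, self.default)


def job_runs(job: dict, branch: str) -> bool:
    """A job without an 'only' clause runs on every branch."""
    only = job.get("only")
    return only is None or branch in only


def pipeline_env(ci_config: dict, variables: list, branch: str) -> dict:
    """Return {job_name: env} built server-side for a pipeline on `branch`.

    The branch, not the CI file, selects the value, so editing the file
    on another branch cannot pull in the production value.
    """
    env = {}
    for var in variables:
        value = var.resolve(branch)
        if value is not None:
            env[var.key] = value
    return {name: dict(env) for name, job in ci_config.items()
            if job_runs(job, branch)}


# Constructed sample data: placeholder key values and a parsed CI file.
VARIABLES = [BranchVariable("DEPLOY_KEY", default="staging-key-placeholder",
                            per_branch={"production": "prod-key-placeholder"})]
CI_OK = {"test": {"script": ["make test"]},
         "deploy": {"script": ["./deploy.sh"], "only": ["production"]}}
# The same file after a change that drops "only" from the deploy step.
CI_BROKEN = {"test": {"script": ["make test"]},
             "deploy": {"script": ["./deploy.sh"]}}

if __name__ == "__main__":
    for branch in ("feature-x", "production"):
        print(branch, pipeline_env(CI_BROKEN, VARIABLES, branch))
```

With the "only" clause removed, the deploy job does run on `feature-x`, but it receives the default value rather than the production key.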