Documentation about Protected secret variables is unclear about consequences of NOT protecting
Description
When creating secret variables it's possible to mark them as "protected", and the docs explain what are the limits of protected variables.
However, there's no word on how unprotected the secret variables are without this option.
- Are they completely open to the public?
- Are they still private, but accessible by all people with access to the project?
- Can shared CI runners leak them to the public?
Proposal
Document what's the worst that can happen to secret variables that aren't protected.
Use cases
I want to disable the "protected branch" setting, because I like to allow force-push. #YOLO. However, I use a secret variable to set my password for cloning private CI repos, so I still care about keeping the variable strictly confidential.
I don't know if my password in the secret variable is safe even if I don't mark it as "protected".