CI_DEBUG_TRACE exposes secret variables
I have a couple of scripts that are run as part of a project's CI pipeline and some of the scripts are run explicitly on protected branches.
The scripts that are run on protected branches have protected secret variables that are used to SSH to other servers and make this and that.
In case I want to debug something, I set the CI_DEBUG_TRACE variable to true as documented but that results in the job log exposing protected secret variables.
The job log can be deleted but since the commit enabling the CI_DEBUG_TRACE remains there, anyone with access rights can just Retry
that specific job and get the variables exposed again.
What is the suggested way of protecting against the variables leaking and getting rid of that specific commit/job if they already leaked?
That being said/asked, I think it would be better if CI_DEBUG_TRACE did not expose protected secret variables by default.