I've been moving pipelines to passwordless / OIDC authentication, and have zero secrets left in some projects. But because OIDC is configured by environment variables, I still have a bunch of masked variables to set this up, making it impossible to view the current settings. This needs to be prioritized to improve the OIDC auth story. I'd even be happy with disabling masking for entire contexts if nothing else.

I hope this get prioritized soon!

I would love to have this implemented by Circle CI team. This is one of the must have feature and not to force the user with all variables masked and instead better to let user decide which one to mask.

This would also be super helpful for our builds. We like being able to centralise & manage our environment variables in CircleCI, but don't always use them for storing credentials. Not being able to see their values in this instance detracts from what would otherwise be a really good feature.

I came here to log the same issue. It's extremely frustrating to be penalized for not wanting to hardcode certain things like Docker/ECR repos into our build configs. This issue is nearly four years old!

+100 Major missing feature vs. GitHub Actions.

This forced masking of all environment vars without an opt-out whitelist is an anti-pattern.

There's a difference between secrets and environment variables, however other than where they're generated they are now treated exactly the same.

Seeing environment variables allows us to print instructions for our engineers to run failed tests locally instead of through CI. This is a major use case for us.

Give the option to completely mask a value (like passwords) or leave it completely visible. Azure has it, Octopus deploy has it, wouldn't hurt if CircleCI had the same implementation. This half shown values are absolutely useless.

It seems that this security measure was implemented in something of a cack-handed way (clumsy, awkward). I am currently trying to control my builds using 'infrastructure as code' type processes which means a lot of environment variables are being passed into the build process and the resulting running environment as tests are performed. The result is that all I see is a sea of '*' characters in the log files.

Not all environment variables are secrets - for my environment, they are often just variables that detail a docker repo, container or version. Currently, I lose all this detail in my logs.

The logical solution would be to have a flag that can be set at the run command level to turn this processing off when needed. The current solution of asking for the feature to be disabled at the project level is just as cack-handed as some variables are secrets.