We're using circleci to do deployments from the production branch which not everybody has write access to, but since all branches share the same environment, users could actually deploy from non-protected branches by modifying the circle.yml. It'd be great to restrict the production deployment credentials to just the master branch.