tag:help.appveyor.com,2012-11-13:/discussions/problems/4005-script-deployment-is-too-risky-even-with-secured-variablesAppVeyor: Discussion 2018-10-19T08:17:43Ztag:help.appveyor.com,2012-11-13:Comment/389717482016-01-21T18:40:16Z2016-01-21T18:40:16ZScript deployment is too risky even with secured variables.<div><p>Just put sensitive information into secured variables and then
use them in your scripts.</p>
<p>In batch:</p>
<pre>
<code>mycommand %mysecurevar%</code>
</pre>
<p>In PowerShell:</p>
<pre>
<code>mycommand $env:mysecurevar</code>
</pre>
<p>It's pretty reliable - commands are shown "as is", variables are
not shown in the build log and secure variables are not set during
PR builds - unless, yes, you do a mistake and just output a
variable with something like <code>echo %mysecurevar%</code>.</p></div>Feodor Fitsnertag:help.appveyor.com,2012-11-13:Comment/389717482016-01-21T19:19:29Z2016-01-21T19:19:29ZScript deployment is too risky even with secured variables.<div><p>Not really if I call something like git it will glad print both
username and password.</p></div>jannickboesetag:help.appveyor.com,2012-11-13:Comment/389717482016-01-21T19:23:24Z2016-01-21T19:24:52ZScript deployment is too risky even with secured variables.<div><p>The problem is unless you are very careful and even then just a
single slip up and your passwords are displayed in the log forever
requiring you to delete your project. Thats why when it comes to
sensitive information I want to make absolutely sure nothing can go
wrong.</p>
<p>Also consider it might not be the same people maintaining the
build setup, I don't understand why this is even up for debate,
this is clearly a major problem. Especially if you work in a larger
company.</p></div>jannickboese