How to hide sensitive variables

I’m making an api call from within my automate code. The get request requires a sensitive access token. I don’t want to commit this to version control. Is there a way to access environment variables or some other mechanism of protecting this sensitive data?

Are you making the call from Ruby or Ansible? If from Ansible, could you use a vault file? If from Ruby could you store this in a password field in a configuration domain? Both of these would be store encrypted in your SCM.


From Ruby. Good call about the password field. I forgot about that. Thank you!