Is there a way to expose some environment variables to the build stage only?
Based on other threads on the forum, I understand that DB migration scripts should be executed as part of the build process?
I use multiple accounts with my DB: 1 to manage the DB and 1 to run the app, so that the app account can’t delete records or tables.
But the problem with migration through the build phase is that I have to deploy the migration creds via environment variables and those end up in the production environment. Even if not used, they still represent a security issue, b/c they are passed in clear and grant elevated privileges against the DB to whoever can access them.
Ideally, I should be able to bind environment variables / groups only to the build process and not to the deployed instance.
Doable?