feat: --secret-env <env-var-name>

[dsherret]

Experiment.

This allows for specifying environment variables that should be hidden from user code, but sent if contained in fetch headers.

For example, with the following code:

> SECRET_VALUE=123 deno run --secret-env SECRET_VALUE --allow-net=example.com main.ts

...main.ts won't see the SECRET_VALUE of 123, but instead will see a placeholder value. Then when the request is sent to say example.com containing that placeholder value it will be replaced with 123.

This has some obvious limitations like the environment variable value needing to actually be used in user code (ex. it's base64-ed or something).

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

📝 Customizable high-level summaries are now available in beta!

You can now customize how CodeRabbit generates the high-level summary in your pull requests — including its content, structure, tone, and formatting.

• Provide your own instructions using the high_level_summary_instructions setting.
• Format the summary however you like (bullet lists, tables, multi-section layouts, contributor stats, etc.).
• Use high_level_summary_in_walkthrough to move the summary from the description to the walkthrough section.

Example instruction:

"Divide the high-level summary into five sections:

1. 📝 Description — Summarize the main change in 50–60 words, explaining what was done.
2. 📓 References — List relevant issues, discussions, documentation, or related PRs.
3. 📦 Dependencies & Requirements — Mention any new/updated dependencies, environment variable changes, or configuration updates.
4. 📊 Contributor Summary — Include a Markdown table showing contributions:
   | Contributor | Lines Added | Lines Removed | Files Changed |
5. ✔️ Additional Notes — Add any extra reviewer context.
   Keep each section concise (under 200 words) and use bullet or numbered lists for clarity."

Note: This feature is currently in beta for Pro-tier users, and pricing will be announced later.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[timnew]

What if I have the following code:

const { execSync } = require('node:child_process');

const secret = execSync('bash -lc \'printf "%s" "$secret"\'').toString();

console.log(secret);

[dsherret]

What if I have the following code:

const { execSync } = require('node:child_process');

const secret = execSync('bash -lc \'printf "%s" "$secret"\'').toString();

console.log(secret);

It will have the placeholder value. This is only for fetch headers atm.