EAS update should respect expo.dev dashboard secrets by default

I have 17 env secrets (api keys, google service json, etc), that disappear after running an EAS update. It’s not practical to inline all of these variables in the command line every time. They are “set and forget.” so it doesn’t make sense to have to maintain a reference to them on a machine that runs the update command. Is there any solution other than manually inlining them? Is there a plan for EAS update to remember the previously available environment variables and only update the ones specifically inlined during the update command? This would be the most intuitive behavior.

EAS secrets as the name suggest are secrets. We do not have any API that allows to download them and we don’t plan to add it. Secretes work the same way as in any other CI, they are provided as envs during the CI job, but updates are built on your local device and only the result is uploaded to the server.

If you are using those values in your js code, then they are not really a secrets. Anyone can read those values from js bundle, by unzipin apk/ipa file, or even by accessfin phone filesystem where app is installed. So instead of using secrets you should just commit those values in your repo.