Hi Shalom Yerushalmy
Thanks a lot for your response. Yes, I think it is secure. It’s just the standard mechanism Travis CI uses to have environment variables. The tokens will never appear in a log.
If you are curious you can find out more on the Travis page.