Is it possible to supply a different value for a variable depending on whether the CI job is running on a protected branch?

A typical scenario would be to provide read-only Nexus credentials for general jobs (e.g. feature branches), but read-write credentials for the protected develop and master branches, which publish snapshots & releases to Nexus.

In the CI variables configuration section, I tried the following out, but met an error:

22%20PM1506×512 32 KB

An alternative would be to use two different variable names, but this puts the burden on every CI script across projects to probe for which variable is defined (in the above case for both a username & password), which spreads complexity all over the place.

What do most people do to satisfy this use case? Any existing feature requests that are relevant?

I figured out a technique that works for this - create a public (non-protected) variable in a group, then at a lower-level group or project, create a protected variable of the same name. Protected branches in this group/project will see the protected value, and non-protected branches will see the inherited non-protected value.