Use secret variables properly

I must be doing something wrong. When I try to use secret variables I can echo them in the terminal. I was expecting them to not appear instead I was hoping to get ********** or something like that. How can I protect authorisation tokens and credentials? When i enable protect toggle then the code does not run. Token is not used.

I’m on the same situation. It’s a huge security failure.

I still did not find a workaround for this… perhaps there can be a change done on the Job logger to hide those variables from the log view even though they are on the server logs, they should not be in the streamed job log that we have in Gitlab EE