I've been working on adding configuration management via environment variables at work. We allow setting configs via the command line, but it posts a notification to our devops room in Hipchat showing who made the change, and which config was changed, but not the new value.
This means that people can see what is going on, without having full access to the settings which may be sensitive.
I suppose you could also set sensitive credentials in a one on one chat with Hubot.
I've seen this done by locking the room, too. That way, everyone in the room when you make the change sees everything (and can check your work), but it's not recorded in the transcripts.
This means that people can see what is going on, without having full access to the settings which may be sensitive.
I suppose you could also set sensitive credentials in a one on one chat with Hubot.