Variables
Use workspace placeholders safely for targets, scopes, and reusable command values.
Variables let you reuse values across commands and workflows without copying the same text into every record. Examples include target hostnames, scope labels, case IDs, and environment names.
Workspace variables vs session variables
WorkCheats has two variable scopes:
| Scope | Where stored | Typical use |
|---|---|---|
| Workspace variables | Variables page for your personal or team workspace | Shared defaults across commands and workflows |
| Session variables | Individual workflow run (session) | Per-engagement overrides that do not change workspace rows |
Workspace variables are documented on this page. For per-session overrides during workflow runs, see Session variables.
What workspace variables are
A workspace variable is a named value stored in your current workspace. Commands and workflows can reference variables by placeholder syntax so you update one value instead of many command bodies.
Variables are content configuration — WorkCheats does not execute commands when variables are applied or substituted for display.
Safe placeholder usage
Follow these practices:
- Use descriptive variable names (
target_host,scope_label) instead of opaque codes. - Prefer placeholders for values that change between engagements, not for secrets you should never store in plain text.
- Review substituted output before copying commands to a terminal.
- Treat imported variable definitions as untrusted until you validate them (see Import & Export).
Sensitive values and masking
WorkCheats is not a secrets manager.
- Do not store passwords, API keys, tokens, or private keys in variables unless your organisation explicitly allows it and you accept the risk.
- Use external secret stores for credentials and reference them manually when running commands.
- Masking is a UI safety aid, not a permission boundary. Sensitive names may show a masked preview in the app, but workspace members with access can still view workspace variable values according to workspace permissions.
- In team workspaces, assume teammates with access can read variables you store there.
If you are unsure whether a value is safe to store, keep it out of WorkCheats and enter it only in your local environment.
Workspace scope
Workspace variables are scoped to your current workspace:
- Personal workspace — variables belong to your account.
- Team workspace — variables are shared with team members who have access.
Manage workspace variables from the Variables page in your workspace sidebar. During an active session, use the session variables panel for per-run overrides — see Session variables.
Screenshot placeholder: Variables page listing workspace variables with names and masked preview values.
Export and logging
Workspace variables are managed in the web app. There is no separate workspace-variable export flow in the current product slice.
WorkCheats avoids logging variable values in service diagnostics — only safe metadata such as action names and identifiers may be recorded. This does not change who can read variables inside the app.
Current
- Create, edit, and reference workspace variables in the web app
- Workspace-scoped variable lists for personal and team accounts
- Placeholder usage in commands and workflow steps (content only — not execution)
- UI masking for sensitive variable names
- Independent session variable overrides during workflow runs
Roadmap
The following are not available yet:
- CLI masked variables — show variable values in the terminal with masking rules via
wcheats - Advanced variable typing, validation rules, and per-environment profiles
- Automatic rotation or integration with external secret managers
See wcheats CLI for current CLI scope.

