Docs

Variables

Use workspace placeholders safely for targets, scopes, and reusable command values.

Variables let you reuse values across commands and workflows without copying the same text into every record. Examples include target hostnames, scope labels, case IDs, and environment names.

Workspace variables vs session variables

WorkCheats has two variable scopes:

ScopeWhere storedTypical use
Workspace variablesVariables page for your personal or team workspaceShared defaults across commands and workflows
Session variablesIndividual workflow run (session)Per-engagement overrides that do not change workspace rows

Workspace variables are documented on this page. For per-session overrides during workflow runs, see Session variables.

What workspace variables are

A workspace variable is a named value stored in your current workspace. Commands and workflows can reference variables by placeholder syntax so you update one value instead of many command bodies.

Variables are content configuration — WorkCheats does not execute commands when variables are applied or substituted for display.

Safe placeholder usage

Follow these practices:

  1. Use descriptive variable names (target_host, scope_label) instead of opaque codes.
  2. Prefer placeholders for values that change between engagements, not for secrets you should never store in plain text.
  3. Review substituted output before copying commands to a terminal.
  4. Treat imported variable definitions as untrusted until you validate them (see Import & Export).

Sensitive values and masking

WorkCheats is not a secrets manager.

  • Do not store passwords, API keys, tokens, or private keys in variables unless your organisation explicitly allows it and you accept the risk.
  • Use external secret stores for credentials and reference them manually when running commands.
  • Masking is a UI safety aid, not a permission boundary. Sensitive names may show a masked preview in the app, but workspace members with access can still view workspace variable values according to workspace permissions.
  • In team workspaces, assume teammates with access can read variables you store there.

If you are unsure whether a value is safe to store, keep it out of WorkCheats and enter it only in your local environment.

Workspace scope

Workspace variables are scoped to your current workspace:

  • Personal workspace — variables belong to your account.
  • Team workspace — variables are shared with team members who have access.

Manage workspace variables from the Variables page in your workspace sidebar. During an active session, use the session variables panel for per-run overrides — see Session variables.

Screenshot placeholder: Variables page listing workspace variables with names and masked preview values.

Export and logging

Workspace variables are managed in the web app. There is no separate workspace-variable export flow in the current product slice.

WorkCheats avoids logging variable values in service diagnostics — only safe metadata such as action names and identifiers may be recorded. This does not change who can read variables inside the app.

Current

  • Create, edit, and reference workspace variables in the web app
  • Workspace-scoped variable lists for personal and team accounts
  • Placeholder usage in commands and workflow steps (content only — not execution)
  • UI masking for sensitive variable names
  • Independent session variable overrides during workflow runs

Roadmap

The following are not available yet:

  • CLI masked variables — show variable values in the terminal with masking rules via wcheats
  • Advanced variable typing, validation rules, and per-environment profiles
  • Automatic rotation or integration with external secret managers

See wcheats CLI for current CLI scope.