A developer uses Copilot CLI to diagnose failing integration tests. The tests require local environment variables, and the developer wants to share a Markdown session summary with another maintainer without exposing sensitive values. Which change best handles the environment-specific constraint?
cd ~/work/inventory-api
export DATABASE_URL="postgres://dev_user:dev_password@localhost:5432/inventory"
export STRIPE_TEST_KEY="sk_test_123456789"
copilot --share ./session.md
# Prompt:
# Diagnose why the integration tests fail and summarize the commands you ran.Choose an answer
Tap an option to check your answer.
Correct answer: Add --secret-env-vars=DATABASE_URL,STRIPE_TEST_KEY.
Why this is the answer
The --secret-env-vars flag is designed to prevent specified environment variables from being included in the shared session summary, ensuring sensitive data like DATABASEURL and STRIPETESTKEY are not exposed. Moving secrets to README setup steps doesn't prevent them from being captured if they are active in the shell session Copilot CLI monitors. Running Copilot CLI from the parent workspace doesn't address the issue of sensitive environment variables being present in the current shell. Committing .env.dev would make the sensitive information permanently available in version control, which is a significant security risk.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed