Any updates on this?

This is a really show stopper, for companies, in an enterprise environment.

Any updates on this? This is a big blocker for CD to prod for compliance reason.

In addition to admins, some customers would like to limit access based on team membership. For instance, only members of the devops team should have SSH access.

Posting as another voice for this feature request. A user having the ability to push proposed changes to a repo should NOT mean they have access to view secrets in CircleCI, especially when PROD could be/is a consideration for many, many teams. This is a pretty glaring security hole. As my Ops team often needs SSH to troubleshoot failed jobs, requesting that support disable SSH for both our orgs is out of the question.

Just because a user has write access to the master branch doesn't really mean that they should have had access to the production secret. This is stopping us from applying granular control where someone who develops code doesn't necessarily need to know about the secrets used for the application's build.

Any progress on this. That would be a major win for us.

+1 this is a much needed feature for us

This security bug is show stopper for us using circle ci. Can you please prioirise the solution higher.

Can CircleCI please comment on this request? Are there any access controls in the works for SSH access?

This is important and will ultimately prevent CircleCI from penetrating security conscious organizations.