To reproduce:

1. In the Settings panel (https://travis-ci.org/OWNER/REPO/settings), create a new environment variable with a leading white space, say 371341abcdef313451 .
2. Run a build.
3. This results in a log message such as this:

$ export SUPER_SECRET=[secure]
/home/travis/build.sh: line 41: export: `371341abcdef313451': not a valid identifier

If the first non-space character is a numeric, then the value will be exposed (as above). If it is an alphabet character, then it is silently ignored. This is due to the compiled bash script which looks like this:

export SUPER_SECRET= 371341abcdef313451
export SUPER_SECRET_2= abcdef

and so on.

This is probably not what the user is expecting. If the value is really a secret, it will be exposed unexpectedly.

Possible solutions:

1. Drop leading white spaces
2. Wrap the env var in single quotes (or escape it in some other ways)

Whatever the solution, the user should be notified of the changes made (if any) to the value the user entered.