Currently, there is no way to restrict the access to organization variables. This leads to a problem when storing API related values that should be kept secret as anyone with access to create and edit email templates, workflow rules, or inventory templates would now potentially have access to these variables.

Ideally, we should be able to set the permissions on a per-variable basis, however if the restriction was group based that would suffice. What I would like to see is the option to restrict the variable (or group of variables) from being used in merge fields of email templates, workflow rules, or inventory templates (individually configurable), thus limiting their accessibility to Deluge, Clients Scripts, or system configuration.