there had to be a simple answer. And that answer has
nothing to do with git.
Turns out, you can store arbitrarily many encrypted environment
variables in the .travis.yml file. Only the ones relevant to the
repo actually being built can be decrypted.
So it's totally safe for xxx to accept a pull request from ndw
that adds GH_TOKEN and other envionment variables to the secure
When Travis builds xxx/repo, xxx's version of GH_TOKEN and
friends get decrypted and added to the environment. When Travis
builds ndw's version, his version of GH_TOKEN etc. get decrypted.
So xxx and ndw can
have the same .travis.yml file.”