I've discovered that by default no variable value is encrypted unless you set it as sensitive.

In many cases having visible variable values makes it safer to deploy a release since you know what the values contain, but from a security point of view is not advisable since the variables are not encrypted in the database.

To underestimate convenience in the matter of how variable values are handled by people, must surely be a bad idea.

What I suggest is to
- encrypt variable values by default in the database, but let the values be decrypted in the UI of Octopus Deploy.