I am developing a TeamCity plugin that injects environment variables into builds using the ParametersPreprocessor server-side extension point. Injecting the variables works great - when I have a build step that runs "env" I can see that the values are correct.
However, the values I am injecting are sensitive and I would like them to be masked like user-provided parameters that have the type "password". I can't work out how to achieve this. Is there a different extension point I should be using?