When you need to define environment variables you can do so in:
.travis.yml, which are tied to a particular commit.
repository settings, if they are needed for the build to run and don’t contain sensitive data.
.travis.yml and encrypted, for sensitive data such as authentication tokens.
Encrypted vars defined in repository settings are not provided to "untrusted" builds (triggered by pull requests from another repository)
cf https://docs.travis-ci.com/user/environment-variables/:
Encrypted vars defined in repository settings are not provided to "untrusted" builds (triggered by pull requests from another repository)