This issue is not completely resolved, it still shows the secret/certificate in 'getVariant', PATCH version of 'updateiOSVariant'.

And possibly (depends on the behavior of those methods, but this is currently untested) in 'listAllPushApplications' and 'resetMasterSecret'.

I believe that it would make a lot of sense to remove the current implementation of stripping the passphrase and certificate out and implement it a better way (for example the suggested AGPUSH-733) so when later someone adds a new endpoint, he doesn't need to think about adding an extra line to remove passphrases/certificates.