diff --git a/lib/manager/bundler/artifacts.js b/lib/manager/bundler/artifacts.js
index 1a5572ae21..1dda3ad850 100644
--- a/lib/manager/bundler/artifacts.js
+++ b/lib/manager/bundler/artifacts.js
@@ -1,6 +1,7 @@
 const { exec } = require('child-process-promise');
 const fs = require('fs-extra');
 const upath = require('upath');
+const { getChildProcessEnv } = require('../../util/env');
 const { getPkgReleases } = require('../../datasource/docker');
 const {
@@ -40,13 +41,7 @@ async function updateArtifacts(
 const localPackageFileName = upath.join(config.localDir, packageFileName);
 await fs.outputFile(localPackageFileName, newPackageFileContent);
 const localLockFileName = upath.join(config.localDir, lockFileName);
- const env =
- global.trustLevel === 'high'
- ? process.env
- : {
- HOME: process.env.HOME,
- PATH: process.env.PATH,
- };
+ const env = getChildProcessEnv();
 const startTime = process.hrtime();
 let cmd;
 if (config.binarySource === 'docker') {
diff --git a/lib/manager/cargo/artifacts.js b/lib/manager/cargo/artifacts.js
index 3c19feeec6..a05817fd96 100644
--- a/lib/manager/cargo/artifacts.js
+++ b/lib/manager/cargo/artifacts.js
@@ -2,6 +2,7 @@ const upath = require('upath');
 const process = require('process');
 const fs = require('fs-extra');
 const { exec } = require('child-process-promise');
+const { getChildProcessEnv } = require('../../util/env');
 module.exports = {
 updateArtifacts,
@@ -32,13 +33,7 @@ async function updateArtifacts(
 await fs.outputFile(localPackageFileName, newPackageFileContent);
 logger.debug('Updating ' + lockFileName);
 const cwd = config.localDir;
- const env =
- global.trustLevel === 'high'
- ? process.env
- : {
- HOME: process.env.HOME,
- PATH: process.env.PATH,
- };
+ const env = getChildProcessEnv();
 for (let i = 0; i < updatedDeps.length; i += 1) {
 const dep = updatedDeps[i];
 // Update dependency `${dep}` in Cargo.lock file corresponding to Cargo.toml file located
diff --git a/lib/manager/composer/artifacts.js b/lib/manager/composer/artifacts.js
index 0c9642afbd..7d92fb4d62 100644
--- a/lib/manager/composer/artifacts.js
+++ b/lib/manager/composer/artifacts.js
@@ -4,6 +4,7 @@ const { exec } = require('child-process-promise');
 const fs = require('fs-extra');
 const upath = require('upath');
 const hostRules = require('../../util/host-rules');
+const { getChildProcessEnv } = require('../../util/env');
 module.exports = {
 updateArtifacts,
@@ -95,14 +96,7 @@ async function updateArtifacts(
 const localAuthFileName = upath.join(cwd, 'auth.json');
 await fs.outputFile(localAuthFileName, JSON.stringify(authJson));
 }
- const env =
- global.trustLevel === 'high'
- ? process.env
- : {
- HOME: process.env.HOME,
- PATH: process.env.PATH,
- COMPOSER_CACHE_DIR: process.env.COMPOSER_CACHE_DIR,
- };
+ const env = getChildProcessEnv(['COMPOSER_CACHE_DIR']);
 const startTime = process.hrtime();
 let cmd;
 if (config.binarySource === 'docker') {
diff --git a/lib/manager/gomod/artifacts.js b/lib/manager/gomod/artifacts.js
index 25b2e57a8a..37a178620c 100644
--- a/lib/manager/gomod/artifacts.js
+++ b/lib/manager/gomod/artifacts.js
@@ -2,6 +2,7 @@ const { exec } = require('child-process-promise');
 const fs = require('fs-extra');
 const upath = require('upath');
 const hostRules = require('../../util/host-rules');
+const { getChildProcessEnv } = require('../../util/env');
 module.exports = {
 updateArtifacts,
@@ -38,14 +39,7 @@ async function updateArtifacts(
 }
 await fs.outputFile(localGoModFileName, massagedGoMod);
 const localGoSumFileName = upath.join(config.localDir, sumFileName);
- const env =
- global.trustLevel === 'high'
- ? process.env
- : {
- HOME: process.env.HOME,
- PATH: process.env.PATH,
- GOPATH: process.env.GOPATH,
- };
+ const env = getChildProcessEnv(['GOPATH']);
 const startTime = process.hrtime();
 let cmd;
 if (config.binarySource === 'docker') {
diff --git a/lib/manager/npm/post-update/index.js b/lib/manager/npm/post-update/index.js
index 23f634d751..32ef316b82 100644
--- a/lib/manager/npm/post-update/index.js
+++ b/lib/manager/npm/post-update/index.js
@@ -8,6 +8,7 @@ const lerna = require('./lerna');
 const yarn = require('./yarn');
 const pnpm = require('./pnpm');
 const hostRules = require('../../../util/host-rules');
+const { getChildProcessEnv } = require('../../../util/env');
 module.exports = {
 determineLockFileDirs,
@@ -365,17 +366,11 @@ async function getAdditionalFiles(config, packageFiles) {
 process.env.npm_config_store ||
 upath.join(config.cacheDir, './others/pnpm');
 await fs.ensureDir(process.env.npm_config_store);
-
- const env =
- global.trustLevel === 'high'
- ? process.env
- : {
- HOME: process.env.HOME,
- PATH: process.env.PATH,
- NPM_CONFIG_CACHE: process.env.NPM_CONFIG_CACHE,
- YARN_CACHE_FOLDER: process.env.YARN_CACHE_FOLDER,
- npm_config_store: process.env.npm_config_store,
- };
+ const env = getChildProcessEnv([
+ 'NPM_CONFIG_CACHE',
+ 'YARN_CACHE_FOLDER',
+ 'npm_config_store',
+ ]);
 env.NODE_ENV = 'dev';
 let token = '';
diff --git a/lib/manager/pipenv/artifacts.js b/lib/manager/pipenv/artifacts.js
index fdf47edb0e..b595cf5ee4 100644
--- a/lib/manager/pipenv/artifacts.js
+++ b/lib/manager/pipenv/artifacts.js
@@ -1,6 +1,7 @@
 const { exec } = require('child-process-promise');
 const fs = require('fs-extra');
 const upath = require('upath');
+const { getChildProcessEnv } = require('../../util/env');
 module.exports = {
 updateArtifacts,
@@ -31,16 +32,7 @@ async function updateArtifacts(
 const localPipfileFileName = upath.join(config.localDir, pipfileName);
 await fs.outputFile(localPipfileFileName, newPipfileContent);
 const localLockFileName = upath.join(config.localDir, lockFileName);
- const env =
- global.trustLevel === 'high'
- ? process.env
- : {
- HOME: process.env.HOME,
- PATH: process.env.PATH,
- LC_ALL: process.env.LC_ALL,
- LANG: process.env.LANG,
- PIPENV_CACHE_DIR: process.env.PIPENV_CACHE_DIR,
- };
+ const env = getChildProcessEnv(['LC_ALL', 'LANG', 'PIPENV_CACHE_DIR']);
 const startTime = process.hrtime();
 let cmd;
 if (config.binarySource === 'docker') {
diff --git a/lib/manager/poetry/artifacts.js b/lib/manager/poetry/artifacts.js
index cc3412e32c..b2999a1633 100644
--- a/lib/manager/poetry/artifacts.js
+++ b/lib/manager/poetry/artifacts.js
@@ -2,6 +2,7 @@ const upath = require('upath');
 const process = require('process');
 const fs = require('fs-extra');
 const { exec } = require('child-process-promise');
+const { getChildProcessEnv } = require('../../util/env');
 module.exports = {
 updateArtifacts,
@@ -42,13 +43,7 @@ async function updateArtifacts(
 await fs.outputFile(localPackageFileName, newPackageFileContent);
 logger.debug(`Updating ${lockFileName}`);
 const cwd = upath.join(config.localDir, subDirectory);
- const env =
- global.trustLevel === 'high'
- ? process.env
- : {
- HOME: process.env.HOME,
- PATH: process.env.PATH,
- };
+ const env = getChildProcessEnv();
 let cmd;
 // istanbul ignore if
 if (config.binarySource === 'docker') {
diff --git a/lib/util/env.js b/lib/util/env.js
new file mode 100644
index 0000000000..070942ee6c
--- /dev/null
+++ b/lib/util/env.js
@@ -0,0 +1,24 @@
+function getChildProcessEnv(customEnvVars = []) {
+ const env = {};
+ if (global.trustLevel === 'high') {
+ return Object.assign(env, process.env);
+ }
+ const envVars = [
+ 'HTTP_PROXY',
+ 'HTTPS_PROXY',
+ 'NO_PROXY',
+ 'HOME',
+ 'PATH',
+ ...customEnvVars,
+ ];
+ envVars.forEach(envVar => {
+ if (typeof process.env[envVar] !== 'undefined') {
+ env[envVar] = process.env[envVar];
+ }
+ });
+ return env;
+}
+
+module.exports = {
+ getChildProcessEnv,
+};
diff --git a/test/util/env.spec.js b/test/util/env.spec.js
new file mode 100644
index 0000000000..237a173ed9
--- /dev/null
+++ b/test/util/env.spec.js
@@ -0,0 +1,33 @@
+const { getChildProcessEnv } = require('../../lib/util/env');
+
+describe('getChildProcess environment when trustlevel set to low', () => {
+ const envVars = ['HTTP_PROXY', 'HTTPS_PROXY', 'NO_PROXY', 'HOME', 'PATH'];
+ beforeEach(() => {
+ envVars.forEach(env => {
+ process.env[env] = env;
+ });
+ });
+ afterEach(() => {
+ envVars.forEach(env => delete process.env[env]);
+ });
+ it('returns default environment variables', () => {
+ expect(getChildProcessEnv()).toHaveProperty(...envVars);
+ });
+ it('returns environment variable only if defined', () => {
+ delete process.env.PATH;
+ expect(getChildProcessEnv()).not.toHaveProperty('PATH');
+ });
+ it('returns custom environment variables if passed and defined', () => {
+ process.env.LANG = 'LANG';
+ expect(getChildProcessEnv(['LANG'])).toHaveProperty(...envVars, 'LANG');
+ delete process.env.LANG;
+ });
+
+ describe('getChildProcessEnv when trustlevel set to high', () => {
+ it('returns process.env if trustlevel set to high', () => {
+ global.trustLevel = 'high';
+ expect(getChildProcessEnv()).toMatchObject(process.env);
+ delete global.trustLevel;
+ });
+ });
+});
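Review bot: The low-trust allowlist in `getChildProcessEnv` (lib/util/env.js) now forwards `HTTP_PROXY`, `HTTPS_PROXY` and `NO_PROXY` to every package-manager child process, which the per-manager lists removed by this commit never did. Proxy URLs can carry embedded credentials (`http://user:pass@host`), so anything the package manager runs for the repository can read them even when `global.trustLevel` is not `'high'`. That trade-off deserves a comment on the array, e.g. `// Proxy URLs may embed credentials; they are visible to child processes even at low trust`. The function also lacks a doc comment stating that it is the boundary that keeps secrets in `process.env` away from child processes, and that `customEnvVars` must name only non-secret variables. Tools that read only the lowercase `http_proxy`/`https_proxy`/`no_proxy` spellings will presumably still get no proxy, since only the uppercase names are listed.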
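Review bot: No case in test/util/env.spec.js asserts that a variable outside the allowlist is withheld at low trust, which is the property the helper exists to guarantee. Add a case that sets a dummy variable (constructed example: `process.env.SECRET_TOKEN = 'x'`) and expects `getChildProcessEnv()` not to have it. `toHaveProperty(...envVars)` in the first and third cases does not check every name either, because the matcher takes a key path and an optional value, not a list of keys. `expect(Object.keys(getChildProcessEnv()).sort()).toEqual([...envVars].sort());` would assert the exact set. The low-trust cases also depend on `global.trustLevel` being unset by whatever ran earlier, and the high-trust case leaves it set if its `expect` throws, so set and clear it in `beforeEach`/`afterEach` instead.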