Use Job Secrets
This tutorial explains how to use job secrets to avoid exposing secret information in your build spec file.
We should never use secret value directly in build spec as otherwise everyone with permission to read code can know the secret. Instead we define it in project settings like below, and reference it in build spec:
Define a secret say access-token in project settings:
Now reference the secret from build spec via variable. For instance:
Some build spec settings may require a job secret directly, for instance the push image step requires a job secret to be used as access token to push image to built-in docker image registry: