Secret Variables is not secure
Secret Variables
These variables will be set to environment by the runner and will be hidden in the build log.
So you can use them for passwords, secret keys or whatever you want.
I run 'env' command in before_script.
build log will show my Secret Variable 'MY_PASSWD'.
![MY_PASSWD](data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==)