If you bind Kubernetes secrets to environment variables, and the values of secrets are printed by some process running in the pod, the text should be masked from the build log to prevent accidental disclosure. This is analogous to the masking behavior performed by the withCredentials step.