How would you ensure that secrets and credentials are not exposed during the build and deployment process?