Tags: google-cloud-platform, google-cloud-build, google-secret-manager

Storing Secrets as cloud build environment variables


The recommended way of using secrets during builds on Cloud Build is by loading them in from Secret Manager. What would be the dangers of saving them as environment variables on the build trigger?


Solution

  • Anyone with project viewer or higher permissions will be able to see them. Anyone who can invoke your build can easily print them out in build logs. There’s no auditing or logging when a secret is accessed or by whom.
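For contrast, here is an added example (not from the question or answer above) of a cloudbuild.yaml that does it the recommended way: the secret stays in Secret Manager and is injected only into the step that needs it. The secret name `db-password`, the `PROJECT_ID` placeholder and the `./deploy.sh` script are assumptions.

```yaml
# Weak pattern, shown only for comparison: the secret value is pasted into a
# trigger substitution (_DB_PASSWORD) and passed to the step as a plain env var.
# Anyone who can view the trigger sees the value, and any step that runs
# `echo $DB_PASSWORD` writes it to the build log.
#
# steps:
# - name: 'ubuntu'
#   entrypoint: bash
#   env: ['DB_PASSWORD=${_DB_PASSWORD}']   # _DB_PASSWORD set in plaintext on the trigger
#   args: ['-c', './deploy.sh']

# Recommended pattern: the value is fetched from Secret Manager at build time
# and exposed only to the steps that list it in secretEnv.
steps:
- name: 'ubuntu'
  entrypoint: bash
  # Only secrets named here are injected into this step's environment.
  secretEnv: ['DB_PASSWORD']
  args:
  - '-c'
  # $$ stops Cloud Build from substituting the variable itself; the shell
  # reads DB_PASSWORD from the environment when the step runs.
  # ./deploy.sh is a hypothetical script that consumes $DB_PASSWORD.
  - 'test -n "$$DB_PASSWORD" && ./deploy.sh'

availableSecrets:
  secretManager:
  # PROJECT_ID and db-password are placeholders for your project and secret.
  - versionName: projects/PROJECT_ID/secrets/db-password/versions/latest
    env: DB_PASSWORD
```

The build service account needs `roles/secretmanager.secretAccessor` on that secret, and once Data Access audit logs are enabled for Secret Manager each AccessSecretVersion call is recorded in Cloud Audit Logs, which closes the auditing gap the answer describes.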