What is the correct (and secure) way to pass GITLAB_ACCESS_TOKEN to a KubernetesAgent using Server deployed with Helm chart?

Related topics: How to set Secrets (e.g. GITHUB_ACCESS_TOKEN) on Server?