I need to provide secrets within the build process.

I read your documentation at https://docs.digitalocean.com/products/app-platform/how-to/use-environment-variables/ and https://docs.digitalocean.com/products/app-platform/reference/dockerfile/

This pages describe an approach ("ARG"), which is not considered as best practices nor safe, since the secrets would be stored within the docker image built and thus, be leaked.

The right approach is https://docs.docker.com/build/building/secrets/

Please support the right approach