Google Kubernetes Engine (GKE) has the capability to encrypt application-layer secrets which can help keep them secure. When utilizing secrets, it is best practice not to pass them to containers in plain text.
In GCP Console -
In Terraform -
References:
https://cloud.google.com/kubernetes-engine/docs/how-to/shielded-gke-nodes
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster#database_encryption