Working with sensitive data in docker

In our local docker image builds we use docker secrets to use sensitive data in env variables. Is there an equivalent in CircleCi to use Project /GUI environment variables so that it’s not exposed in the docker layers (docker image inspect / history) when building a custom docker image ? I used docker secrets since “ARG” and “ENV” docker commands will later reveal the secrets.