go/hardcoded-credentials triggers on non-secret names of Google Cloud secrets, if the name contains the term 'Secret'. These are basically well-known keys; it's the values owned by the Secrets system's KV store that are actually secret.

Reproduce this by going to
https://lgtm.com/query/2938151591646296588/
and running it on
https://github.com/knative/pkg