Pulling images from private docker repository exposes password

We are trying to deploy k8s on a client's account. Our Docker images live in a private Docker repo, and we use Helm charts. Our goal is to not expose Docker credentials on the client's k8s. Both of the options mentioned in "Pull an Image from a Private Registry - Kubernetes" expose the username and password if the client decodes the k8s Secret object.
Are there any alternatives that do not expose the Docker username and password and still perform a read-only pull from the private Docker repository?