You must clear the sensitive information, such as password from values.yml after the deployment is complete.
When inputs (password) are sent by using the --set command, it is visible when you run the helm get values <release name> command.