Where put environment variables for Jenkins pipeline build (Best Practices)

I’m building some front-end project (Nuxt JS) on my deployment server(EC2) by Jenkins. For building those project we need lots of environment variable (S3 bucket info and other project specific variable). Those variables are also different based on branches like staging server, development server, production server .

So need to know where i put all those variables. I can declare variable as pipeline environment variable properties, but i think it’s unsecure. Can i put variables on s3 and copy those file. Or put variable on deployment machine(EC2) as a separated file like .env.stage, .env.dev and inject those variables before build. I wants to know the procedure to injecting large amount off variables properly and securely.