by lotyrin 3845 days ago
Give the bot runtime (not in the repository, environment variable or something) credentials for a secret storage tool of some kind, where it can then fetch credentials for whatever it's allowed to do.
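The pattern lotyrin describes, as an added example that is not from the thread: the bot reads only a bootstrap token and Vault address from its runtime environment, then pulls its real deploy credentials from Vault's KV v2 HTTP API. The mount name `secret`, the secret path and the sample response are assumptions made for the example.

```python
"""Bot that bootstraps from a runtime-only token and fetches its working
credentials from HashiCorp Vault's KV v2 HTTP API (assumed mount: 'secret').
Only VAULT_ADDR and VAULT_TOKEN come from the environment; nothing is committed."""
import json
import os
import urllib.request


def load_bot_token(env=None):
    """Return the bootstrap token from the runtime environment; refuse to run
    without one rather than falling back to anything checked into the repo."""
    env = os.environ if env is None else env
    token = env.get("VAULT_TOKEN", "").strip()
    if not token:
        raise RuntimeError("VAULT_TOKEN not set in the bot's runtime environment")
    return token


def build_kv_request(vault_addr, secret_path, token):
    """Build the authenticated GET for a KV v2 secret (Vault's documented
    /v1/<mount>/data/<path> endpoint, token sent in the X-Vault-Token header)."""
    url = f"{vault_addr.rstrip('/')}/v1/secret/data/{secret_path.strip('/')}"
    return urllib.request.Request(url, headers={"X-Vault-Token": token})


def parse_kv_v2(body):
    """Extract the key/value pairs from a KV v2 read response body."""
    doc = json.loads(body)
    try:
        return doc["data"]["data"]
    except (KeyError, TypeError):
        raise ValueError("response is not a KV v2 secret") from None


def fetch_secret(secret_path, env=None):
    """Fetch the bot's working credentials; they exist only in process memory."""
    env = os.environ if env is None else env
    req = build_kv_request(env.get("VAULT_ADDR", "http://127.0.0.1:8200"),
                           secret_path, load_bot_token(env))
    with urllib.request.urlopen(req, timeout=5) as resp:
        return parse_kv_v2(resp.read())


# Constructed sample of a Vault KV v2 response so the parser runs offline.
SAMPLE_RESPONSE = json.dumps({
    "data": {"data": {"deploy_user": "bot", "deploy_pass": "constructed-example"},
             "metadata": {"version": 3}}})

if __name__ == "__main__":
    creds = parse_kv_v2(SAMPLE_RESPONSE)
    print("bot would deploy as", creds["deploy_user"])
```

With a real Vault, `fetch_secret("bots/deployer")` performs the network call; the token it uses should be scoped by a Vault policy to just that path.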

Securing the bot itself is definitely a larger challenge, but a heavily shielded box and tools like Vault can go a long way. It's actually not much different to securing other solutions to the problem like Capistrano or Chef, and definitely still better than giving root SSH access to your developers.