diff --git a/app/views/admin/application_settings/ci_cd.html.haml b/app/views/admin/application_settings/ci_cd.html.haml
index addd23688b429b8c3f191e9571fe67cf922ec316..b7a43916a30851aaeb61dd2fadee9c841f1b31c6 100644
--- a/app/views/admin/application_settings/ci_cd.html.haml
+++ b/app/views/admin/application_settings/ci_cd.html.haml
@@ -7,16 +7,7 @@
   .settings-header
     = render 'admin/application_settings/ci/header', expanded: expanded_by_default?
   .settings-content
-    %p
-      = _('Variables can be:')
-    %ul
-      %li
-        = html_escape(_('%{code_open}Protected:%{code_close} Only exposed to protected branches or protected tags.')) % { code_open: '<code>'.html_safe, code_close: '</code>'.html_safe }
-        = link_to _('Learn more.'), help_page_path('ci/variables/index', anchor: 'protect-a-cicd-variable'), target: '_blank', rel: 'noopener noreferrer'
-      %li
-        = html_escape(_('%{code_open}Masked:%{code_close} Hidden in job logs. Must match masking requirements.')) % { code_open: '<code>'.html_safe, code_close: '</code>'.html_safe }
-        = link_to _('Learn more.'), help_page_path('ci/variables/index', anchor: 'mask-a-cicd-variable'), target: '_blank', rel: 'noopener noreferrer'
-
+    = render 'ci/variables/attributes'
     - if ci_variable_protected_by_default?
       %p.settings-message.text-center.gl-mb-0
         - help_link = link_to('', help_page_path('ci/variables/index', anchor: 'protect-a-cicd-variable', target: '_blank', rel: 'noopener noreferrer'))
diff --git a/app/views/ci/variables/_attributes.html.haml b/app/views/ci/variables/_attributes.html.haml
new file mode 100644
index 0000000000000000000000000000000000000000..a924d92a4bb84cb4f67d403fd7c8fdff6e9be372
--- /dev/null
+++ b/app/views/ci/variables/_attributes.html.haml
@@ -0,0 +1,13 @@
+%p
+  = s_('CiVariables|Variables can be accidentally exposed in a job log, or maliciously sent to a third party server. The masked variable feature can help reduce the risk of accidentally exposing variable values, but is not a guaranteed method to prevent malicious users from accessing variables.')
+  = link_to _('How can I make my variables more secure?'), help_page_path('ci/variables/index', anchor: 'cicd-variable-security'), target: '_blank', rel: 'noopener noreferrer'
+%p
+  = s_('CiVariables|Variables can have several attributes.')
+  = link_to _('Learn more.'), help_page_path('ci/variables/index', anchor: 'define-a-cicd-variable-in-the-ui'), target: '_blank', rel: 'noopener noreferrer'
+%ul
+  %li
+    = html_escape(s_('CiVariables|%{code_open}Protected:%{code_close} Only exposed to protected branches or protected tags.')) % { code_open: '<code>'.html_safe, code_close: '</code>'.html_safe }
+  %li
+    = html_escape(s_('CiVariables|%{code_open}Masked:%{code_close} Hidden in job logs. Must match masking requirements.')) % { code_open: '<code>'.html_safe, code_close: '</code>'.html_safe }
+  %li
+    = html_escape(s_('CiVariables|%{code_open}Expanded:%{code_close} Variables with %{code_open}$%{code_close} will be treated as the start of a reference to another variable.')) % { code_open: '<code>'.html_safe, code_close: '</code>'.html_safe }
diff --git a/app/views/ci/variables/_index.html.haml b/app/views/ci/variables/_index.html.haml
index 65f9e6c23424604ca0634c734c5dadba86059f20..a1567ad34e8fa8efe2ddc6a4f5c62f4971aea3bc 100644
--- a/app/views/ci/variables/_index.html.haml
+++ b/app/views/ci/variables/_index.html.haml
@@ -2,16 +2,7 @@
 - is_group = !@group.nil?
 - is_project = !@project.nil?
 
-%p
-  = _('Variables can have several attributes.')
-  = link_to _('Learn more.'), help_page_path('ci/variables/index', anchor: 'define-a-cicd-variable-in-the-ui'), target: '_blank', rel: 'noopener noreferrer'
-%ul
-  %li
-    = html_escape(_('%{code_open}Protected:%{code_close} Only exposed to protected branches or protected tags.')) % { code_open: '<code>'.html_safe, code_close: '</code>'.html_safe }
-  %li
-    = html_escape(_('%{code_open}Masked:%{code_close} Hidden in job logs. Must match masking requirements.')) % { code_open: '<code>'.html_safe, code_close: '</code>'.html_safe }
-  %li
-    = html_escape(_('%{code_open}Expanded:%{code_close} Variables with %{code_open}$%{code_close} will be treated as the start of a reference to another variable.')) % { code_open: '<code>'.html_safe, code_close: '</code>'.html_safe }
+= render 'ci/variables/attributes'
 
 #js-ci-variables{ data: { endpoint: save_endpoint,
   is_project: is_project.to_s,
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index e157a599286e3cb2727b3d51252b3b06aa0a3bcb..915acda10de728e8554861a0c5fad7576c671ece 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -588,15 +588,6 @@ msgstr ""
 msgid "%{codeStart}$%{codeEnd} will be treated as the start of a reference to another variable."
 msgstr ""
 
-msgid "%{code_open}Expanded:%{code_close} Variables with %{code_open}$%{code_close} will be treated as the start of a reference to another variable."
-msgstr ""
-
-msgid "%{code_open}Masked:%{code_close} Hidden in job logs. Must match masking requirements."
-msgstr ""
-
-msgid "%{code_open}Protected:%{code_close} Only exposed to protected branches or protected tags."
-msgstr ""
-
 msgid "%{commit_author_link} authored %{commit_authored_timeago}"
 msgstr ""
 
@@ -10604,6 +10595,15 @@ msgstr ""
 msgid "CiStatusText|Warning"
 msgstr ""
 
+msgid "CiVariables|%{code_open}Expanded:%{code_close} Variables with %{code_open}$%{code_close} will be treated as the start of a reference to another variable."
+msgstr ""
+
+msgid "CiVariables|%{code_open}Masked:%{code_close} Hidden in job logs. Must match masking requirements."
+msgstr ""
+
+msgid "CiVariables|%{code_open}Protected:%{code_close} Only exposed to protected branches or protected tags."
+msgstr ""
+
 msgid "CiVariables|A variable key can only contain letters, numbers, and '_'."
 msgstr ""
 
@@ -10733,6 +10733,12 @@ msgstr ""
 msgid "CiVariables|Variables"
 msgstr ""
 
+msgid "CiVariables|Variables can be accidentally exposed in a job log, or maliciously sent to a third party server. The masked variable feature can help reduce the risk of accidentally exposing variable values, but is not a guaranteed method to prevent malicious users from accessing variables."
+msgstr ""
+
+msgid "CiVariables|Variables can have several attributes."
+msgstr ""
+
 msgid "CiVariables|Variables specified here are %{boldStart}expanded%{boldEnd} and not %{boldStart}masked.%{boldEnd}"
 msgstr ""
 
@@ -24315,6 +24321,9 @@ msgstr ""
 msgid "Housekeeping successfully started"
 msgstr ""
 
+msgid "How can I make my variables more secure?"
+msgstr ""
+
 msgid "How do I change my password in GitLab?"
 msgstr ""
 
@@ -53506,12 +53515,6 @@ msgstr ""
 msgid "Variables"
 msgstr ""
 
-msgid "Variables can be:"
-msgstr ""
-
-msgid "Variables can have several attributes."
-msgstr ""
-
 msgid "Various container registry settings."
 msgstr ""