Gitlab CI Manual job security

I’m relatively new to Gitlab CI, so I might not be thinking this through properly. If that’s the case, feel free to suggest some alternatives.

Currently, we are using Gitlab CI with a private runner to build and deploy code and containers. So far, we are only doing this in non-production environments, and mainly with manual jobs. I still want to go with the manual jobs for the time being, but I’d like to setup one repo to be able to deploy to our production environment. Is there a way that I can secure who can deploy to production? So far, either I don’t see any sort of security, or I’m not thinking it through properly.