If we have secrets, like access tokens, API keys etc. we should keep them as secrets, and find a way to still include during build and runtime