As a followup,
What is the best way to hide the secrets in the extension? Using a file, then importing those secrets in?