Interfacing forms through an API like the Mautic API requires a public and secret key. Plugins that I’ve looked at, like this one: https://www.gatsbyjs.org/packages/gatsby-source-mautic/, require the secret key to be in the gatsby-config.json file. This file is checked into the remote repo like GitLab to enable Netlify’s automatic deployment. What is it that I don’t understand about how this can possibly be secure? I could avoid checking it in, but then I believe I would not be able to deploy to Netlify automatically through GitLab. I believe there has to be something I don’t understand, but I don’t know what it is. Can someone provide some help here and direct me to material for reading and studying and/or tutorials?
gatsby-config.js is run in Node.js, so it should be pretty easy to chuck your key in build environment variables and then check process.env.MY_SECRET_KEY. So for your case:
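The approach described in the answer above, as an added example that is not part of the original post or the plugin's own code: a gatsby-config.js that reads the Mautic credentials from the build environment and fails the build when one is missing. The `MAUTIC_*` variable names and the plugin option names (`baseUrl`, `publicKey`, `secretKey`) are assumptions to check against the plugin's README.

```javascript
// gatsby-config.js (added example): credentials come from the build
// environment, not from a committed file.
// Assumed names: MAUTIC_* variables and the baseUrl/publicKey/secretKey options.
const REQUIRED = ["MAUTIC_BASE_URL", "MAUTIC_PUBLIC_KEY", "MAUTIC_SECRET_KEY"];

function buildConfig(env) {
  // Fail the build early, naming the missing variables but never their values.
  const missing = REQUIRED.filter((name) => !env[name] || !env[name].trim());
  if (missing.length > 0) {
    throw new Error(`Missing build environment variables: ${missing.join(", ")}`);
  }
  // Gatsby inlines GATSBY_-prefixed variables into the browser bundle, so
  // refuse to build if the secret has also been stored under such a name.
  const exposed = Object.keys(env).filter(
    (name) => name.startsWith("GATSBY_") && env[name] === env.MAUTIC_SECRET_KEY
  );
  if (exposed.length > 0) {
    throw new Error(`Secret key is exposed to the browser via: ${exposed.join(", ")}`);
  }
  return {
    plugins: [
      {
        resolve: "gatsby-source-mautic",
        options: {
          baseUrl: env.MAUTIC_BASE_URL,
          publicKey: env.MAUTIC_PUBLIC_KEY,
          secretKey: env.MAUTIC_SECRET_KEY,
        },
      },
    ],
  };
}

// Gatsby require()s this file, so the config object is exported then.
// Running the file directly (node gatsby-config.js) only defines the function.
if (typeof module !== "undefined" && typeof require !== "undefined" &&
    require.main !== module) {
  module.exports = buildConfig(process.env);
}
```

The values themselves are set as build environment variables in the Netlify site settings, and for local builds in a file that is listed in .gitignore. A key that was already committed remains in the repository history and should be rotated.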