Hi @romain1304,
As @futuregerald mentioned here:
You’d have to hardcode the secret in your Netlify Function. Considering your publish directory might be different from functions directory, the function’s code cannot be read by anyone else, it should not be a problem. If it’s in a public repo, you’d have to set the secret in an environment variable and then access it using process.env.VAR_NAME.