Welcome to our community site, @mja. 
I’m assuming here these are authorization/login secrets and, therefore, shouldn’t be publicly available.
The answer also depends on what the Auth0 config is being used for.
Are you using these credentials during the build process? If so, then we recommend adding these as environment variables in the Netlify UI for the site. This will keep them out of the repo and allow them to be used during the site build.
If these are needed for API calls the site will be making, with JAMStack sites, the API calls must happen from the end users browser (not from the web server hosting the website).
If this is the case, there is no way to keep them secret in the end user’s browser. However, there is a workaround using Netlify Functions and we have a different topic which covers this case here.
If there are other questions, please let us know.