I am using https://www.nuget.org/packages/PCLAppConfig for managing config values. It is fine for plain configs like api endpoints etc. But what is the suggested way for secret configs like app secret for hockey or secret for calling an API. Should I encrypt the config value and put in App.config and then decrypt the value in the code ? But then also, someone can disassemble the code and see the secret/salt which is getting used to decrypt the encrypted config value. What is the suggested way for maintaining secret config values ?