Secure storage for API tokens

I’d like to have a parameter field for secret data that only allows for input, but doesn’t reveal its value and also doesn’t allow copy. Leaving the API tokens visible poses a potential risk. Another solution could be a secret storage (like GitHub Secrets) where you store all your tokens and then you reference them from the parameter fields.

Use cases:
API tokens in plugin settings
API tokens in General Settings (example: Zotero)