magento2 – Best way to manage sensitive custom Module Server-side properties on ConfigProviderInterface

While building a custom module for the checkout process, I need to add certain configuration properties (strings) to use as part of my plugin. These properties need to be kept “secret” on the server side.

However, if I use the standard ConfigProviderInterface with getConfig() the values of the configured properties are “leaked” to the client/frontend in the window.checkoutConfig = section (when viewing the source of the page during checkout) like:


What is the correct way to get module configuration settings from the Magento Admin for the checkout process so that they are not leaked to the client?