Is it possible to build actions for API based services which get the API‘s secrets stored in a Keychain or a 3rd party Password manager?

Nothing is completely bombproof, except an non-networked air-gapped computer inside a robust faraday cage...

:sunglasses:

You can get pretty tricky if you want to go to the trouble.