Your request is conflicting, you don't want it to save it in your domain model but you want to use it as an entity's attribute, how?
Assuming that you just want to use it in your REST operations, you can simply make a Constant for your app key, secret key, which is a static per environment and need a restart to effect a change. AND you can use it in your REST operation by looking with a "@" (instead of a $) or in another entity by copying it or so.
Yes, you can also pick the keys from a file downloaded, something like;
1 - download the csv file from link by a java action in community commons like storeURLToFileDocument
2 – then you can map the CSV contents with a app store module like https://appstore.home.mendix.com/link/app/429/
(or you can try to make a string from the file, which probably can read without using the app store module, but again you have to map it still to your mx objects)
3 – use the generated object from CSV mapping as input for your REST operation
Why not encrypt all those keys? Yes, a developer working with production database can see those keys if the person sets a breakpoint. But if a non trusted person is able to do that you have a bigger problem.