In this situation I just create a custom record and put the api key or whatever secret in a field. You can set permissions on the custom record / field and leverge NetSuite's built-in authentication if you need to restrict the ability to view or edit the secret.