|There is no absolute solution.
Anywhere you get it from the code when running must still have it in memory which could be copied.
Some possible variations.
1. Encrypt text in your code. But then of course the encryption key must be somewhere. But it does make it a bit harder to find the more useful (hackable) first one
2. Load it from a file. Installing into production means that the authorized users are only ones with access to the file. They put the value in the file. This can be combined with the first one so that the value in the file is still encrypted. In that case you do want the encryption key in the code and not the file. Because then they would need to figure out both to get to the uncrypted value.