The only way I know of for this is to use something like git-crypt. You can, for example, have a secrets.nix file that is encrypted in the repo but unencrypted when you do a checkout. This is trivially compatible with Nix Flakes since the file of secrets actually is in plain text on your system.
I use Liberapay and have been pretty happy with it. Have found quite a few of the people and projects to which I would like to donate, but not all.