When using the Custom Integration: Webhook feature (https://docs.port.io/build-your-software-catalog/custom-integration/webhook/) we have the option of specifying a secret - i.e. for inbound request signature verification.

The "secret" value is directly input to the webhook settings screen.

When creating a webhook via IaC (e.g. resource in Terraform), the secret is exposed in source code!

It would improve security if there was support for Port secrets here - i.e. the "secret" value references a secret, rather than having the raw secret value.