Environment variables. Specify them in the systemd service file. What is the problem with them?
I don't have many secrets to be honest.
Discussion
Wouldn’t the owner of the hardware have root access to them?
Definitely. If you want absolute secrecy you have to run your own (or trust Intel SGX but that's too complicated).
You can also precompile secrets inside the binary you deploy, the owner of the hardware still has access but it makes their lives harder. Or you can load the secrets from somewhere else on startup and keep them in memory, again they can still access but it's harder.