From their docs, it would seem Hasura Admin Secret is not the only way and there are other ways which can help avoid exposing the Hasura Admin Secret:
and the details are here (JWT) or here (webhook)
I recommend you explore setting up Configuration Variables in Retool and using those when you are passing secrets (see this post and these docs).
I'd also recommend you work with whomever is in charge of security on your team (and perhaps your boss who put you on blast 
) to go through options and make clear choices as you proceed.