How to maintain secret keys (AWS access token, user-ID, etc.)?

I’ve built an image classification app and have put the model weights on AWS S3 private bucket. I do retrieve those objects using s3 client and have put the Access Key ID in .env file as well as a Github Secret environment variable.

Now, I want to deploy this app on Heroku. I don’t know how we maintain secret keys with Heroku and didn’t find any information on their docs. So how am I supposed to maintain this workflow with private keys involved? I can’t make s3 bucket public.