SlightlyLeftPad, 2 days ago:

I’d use the native secrets of your VM platform or something like 1password with a functional API.
Nextgrid, a day ago (reply to parent):

Yes, if you get the hypervisor to provide the secrets this in theory means the secrets will be safe at rest... but if the VM gets breached (which is the scenario we're assuming here, as his VM is the one handling untrusted traffic from the internet), the secrets still get out. One option is to use separate "proxy" VMs that proxy traffic to the external services and apply the secret. The main application VM uses those proxy VMs to talk to the external services. This means a compromise of the application VM will not be able to exfiltrate any secrets - it will merely be able to make use of them (by talking to the proxy VMs) while the attacker still has access. Post-breach remediation becomes easier as not only do you not need to rotate the secret (as it wasn't stolen, merely misused) but your proxy VM can provide a tamper-proof audit log to tell which malicious activity has happened, if any.
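The proxy-VM pattern described in the comment above, modelled in a few lines of Python as an added example (not code from the thread or from any product mentioned in it). The upstream service, the secret value, the allowlist and the `caller` identity are all constructed placeholders; in a real deployment the caller would be derived from the application VM's network identity and the upstream would be a real HTTPS endpoint. The example shows the three properties the comment relies on: the application side never holds the secret, it cannot override or read the injected credential, and every use (allowed or denied) lands in a hash-chained audit log whose tampering is detectable after a breach.

```python
"""Secret-injecting egress proxy: a minimal model of the 'proxy VM' pattern."""
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from typing import Callable, List

# Constructed placeholder secret: it exists only inside the proxy process.
UPSTREAM_SECRET = "sk_placeholder_proxy_only"
# Constructed allowlist: the only upstream hosts the proxy will forward to.
ALLOWED_UPSTREAMS = {"api.payments.example"}


@dataclass
class Request:
    host: str
    path: str
    body: str
    headers: dict = field(default_factory=dict)


@dataclass
class AuditLog:
    """Append-only log where each entry commits to the previous one (hash chain),
    so a post-breach reviewer can detect edited or deleted entries."""
    entries: List[dict] = field(default_factory=list)

    def append(self, event: dict) -> None:
        prev = self.entries[-1]["digest"] if self.entries else "0" * 64
        payload = json.dumps(event, sort_keys=True)
        digest = hashlib.sha256((prev + payload).encode()).hexdigest()
        self.entries.append({"prev": prev, "event": event, "digest": digest})

    def verify(self) -> bool:
        """Recompute the chain; False if any entry was altered or unlinked."""
        prev = "0" * 64
        for entry in self.entries:
            if entry["prev"] != prev:
                return False
            payload = json.dumps(entry["event"], sort_keys=True)
            if hashlib.sha256((prev + payload).encode()).hexdigest() != entry["digest"]:
                return False
            prev = entry["digest"]
        return True

    def serialize(self) -> str:
        return json.dumps(self.entries, sort_keys=True)


class SecretProxy:
    """Holds the secret on behalf of the application VM and forwards its requests."""

    def __init__(self, secret: str, allowed: set, send: Callable[[Request], str], log: AuditLog):
        self._secret = secret
        self._allowed = allowed
        self._send = send      # hypothetical transport to the upstream service
        self.log = log

    def handle(self, req: Request, caller: str) -> str:
        event = {
            "caller": caller, "host": req.host, "path": req.path,
            # Log a digest of the body, never the secret and never raw payloads.
            "body_sha256": hashlib.sha256(req.body.encode()).hexdigest(),
        }
        if req.host not in self._allowed:
            self.log.append({**event, "decision": "deny"})
            raise PermissionError(f"upstream not allowed: {req.host}")
        # Drop any caller-supplied Authorization header so the application VM can
        # neither smuggle its own credential nor learn what the proxy injects.
        headers = {k: v for k, v in req.headers.items() if k.lower() != "authorization"}
        headers["Authorization"] = f"Bearer {self._secret}"
        self.log.append({**event, "decision": "allow"})
        return self._send(Request(req.host, req.path, req.body, headers))


def run_demo():
    """Drive the proxy against a constructed fake upstream; returns (responses, log, sent)."""
    sent: List[Request] = []

    def fake_upstream(req: Request) -> str:
        sent.append(req)
        presented = req.headers.get("Authorization", "")
        ok = hmac.compare_digest(presented, f"Bearer {UPSTREAM_SECRET}")
        return "ok" if ok else "401 unauthorized"

    log = AuditLog()
    proxy = SecretProxy(UPSTREAM_SECRET, ALLOWED_UPSTREAMS, fake_upstream, log)
    responses = []
    # Constructed request from the (possibly compromised) app VM, trying to set its own header.
    responses.append(proxy.handle(
        Request("api.payments.example", "/charge", '{"amount": 5}',
                {"Authorization": "Bearer attacker-controlled"}), caller="app-vm"))
    try:
        proxy.handle(Request("exfil.example", "/", "", {}), caller="app-vm")
    except PermissionError as exc:
        responses.append(str(exc))
    return responses, log, sent


if __name__ == "__main__":
    responses, log, sent = run_demo()
    print(responses, log.verify(), [e["event"]["decision"] for e in log.entries])
```

The audit log here commits to each request's body hash rather than its contents, which is enough to reconstruct "which calls were made with the credential and when" after an incident without turning the log itself into a second copy of sensitive data.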