Currently the masking of constants containing secrets in not available to SAP cloud hosted applications. SAP cloud also provides a secrets vault service in the same way as Azure and other cloud platforms that could be useful in this regards to better manage secrets and credentials to REST and other external services.
The bare minimum would be to have the masking available also for other clouds than Mx. Now all the secrets are open to everyone having access to the project and in some cases these are domain user account credentials. Please fix this security shortcoming.