Well encrypt it and decrpyt it with your private key.
First of all: The named function hash_hmac does not encrypt. It creates a hash, which cannot be used to restore the original value. It is one way.
If you would use a proper encryption the logic is still faulty.
You have a secret, that cannot be added plainly to the repository. You add some decryption logic, encrypt the original secret and add it to the repository. The original secret is now safe. But now you have another secret (the private key needed for decryption) that cannot be added plainly to the repository.
You still have the same situation plus some extra decryption code, which has to be maintained. Also your build process has to handle the encryption.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.