Just thinking out loud here.

But could you store the key(s) in a C-coded & compiled routine so that it is, at least, not just 'obfuscated'?

Or, perhaps even better, use a compiled c-coded and compiled encryptor to encrypt the keys and then store them in file that only the c-coded & compiled subroutine(s) knows about?