Hello, Guix itself does not handle any secrets yet -- at best you could consider the password field of the user-account structure to be one, and that is not particularly kept a secret either (it shows up as plaintext). Depending on your use-case, there might also be services like the letsencrypt-service-type to generate X.509 certificates. Other than that, you may be able to send some already encrypted file to your machine, but you'll have to manually set up decryption through other means unless you want plaintext in your store again.
That's the status quo as far as I understand. How it *should* handle secrets remains an open question if I recall correctly. Regards, Leo