I suggest that you store the keys – possibly scrambled, to make it less-than-trivially-easy to snatch – in a file with a
r--/---/--- permissions mask, granting only the Owner of the file only the ability to Read it. Then, be sure that the file is owned by the user-id that runs the application.
Now, secure the system so that no one can break into it.
Be sure also that the connection to the remote service uses cryptographic security,
e.g. TLS/SSL. It is desirable that the connection uses digital certificates to further restrict who is capable of connecting to the remote service in the first place, but
ex minimis be sure that the traffic is not passing over the Internet "in the clear."