
Add "secret" and "hidden" properties to the reference tree
Closed, Resolved (Public)

Description

The purpose of "secret" nodes is to hide their values from unprivileged users in the config output, or in an output option meant specifically for sharing configs on the internet. It should display something like "*****" instead of the actual value in this case.
The "hidden" option can be used either as a soft feature toggle for hiding experimental features, or for hiding "dangerous" commands that mess with system internals and shouldn't be used without a complete understanding of why they are there and what exactly they do, or for the more frivolous purpose of adding easter eggs.

Before we even decide how it should look in the CLI and config output, we need to add it to the interface definition schema, and to the reference tree module.

Here's what it takes:

  • Add <hidden/> and <secret/> tags to the RELAX-NG schema of the interface definitions (data/schemata/interface_definition.rnc); you can use "multi" and "valueless" for reference
  • Add "secret: bool" and "hidden: bool" fields to the ref_node_data record type in the Reference_tree module (src/reference_tree.ml) and its interface (src/reference_tree.mli)
  • Add those fields with a default value of false to the default_data record
  • Add cases for loading those properties to the data_from_xml function (again, use the cases for "multi" and "valueless" for reference)
  • Add is_secret and is_hidden functions by analogy with the is_multi function
  • Add unit tests, by analogy with https://github.com/vyos/vyconf/blob/master/test/reference_tree_test.ml#L64-L72 (needs corresponding nodes in test/data/interface_definition_sample.xml; "system login password" is a perfect candidate for a "secret" node, and for hidden, we can just make something up)

Details

Difficulty level
Easy (less than an hour)
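
The steps in the task description, as an added OCaml sketch that is not vyconf's own code. It shows the two flags defaulting to false, being loaded from property tags, and then driving masked config output and hidden-node filtering. The trimmed record, `data_from_tags` (a stand-in for data_from_xml), `reftree`, `render` and `completions` are hypothetical names and the sample paths and values are constructed.

```ocaml
(* Added sketch, not vyconf code: the reference tree is simplified to an
   association list from config path to node properties. *)
type ref_node_data = {
  multi : bool;
  valueless : bool;
  secret : bool;  (* value is masked for unprivileged or shared output *)
  hidden : bool;  (* node is left out of what the CLI offers *)
}

(* Both new flags default to false, so existing definitions keep their behaviour. *)
let default_data =
  { multi = false; valueless = false; secret = false; hidden = false }

(* Stand-in for data_from_xml: each property tag name sets one flag. *)
let data_from_tags tags =
  List.fold_left
    (fun d tag ->
      match tag with
      | "multi" -> { d with multi = true }
      | "valueless" -> { d with valueless = true }
      | "secret" -> { d with secret = true }
      | "hidden" -> { d with hidden = true }
      | other -> failwith ("unknown property: " ^ other))
    default_data tags

(* Constructed sample tree; "system experimental" is a made-up hidden node. *)
let reftree = [
  (["system"; "login"; "password"], data_from_tags ["secret"]);
  (["system"; "host-name"], data_from_tags []);
  (["system"; "experimental"], data_from_tags ["hidden"; "valueless"]);
]

(* By analogy with is_multi; both raise Not_found for an unknown path. *)
let is_secret path = (List.assoc path reftree).secret
let is_hidden path = (List.assoc path reftree).hidden

(* Render one config line, masking secret values unless the caller is privileged. *)
let render ~privileged (path, value) =
  let shown = if is_secret path && not privileged then "*****" else value in
  String.concat " " (path @ [shown])

(* Paths the CLI would offer: hidden nodes are filtered out. *)
let completions () =
  List.filter (fun p -> not (is_hidden p)) (List.map fst reftree)

let () =
  let pw = (["system"; "login"; "password"], "example-password") in
  assert (render ~privileged:false pw = "system login password *****");
  assert (render ~privileged:true pw = "system login password example-password");
  assert (not (List.mem ["system"; "experimental"] (completions ())))
```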

Event Timeline

dmbaturin claimed this task.

Thanks! Unit tests pass.

I'll need to add it to CI so that everyone can see that they pass, but that's for another task.

Awesome. I don't know if it's just me but I get a 502 Bad Gateway when accessing https://ci.vyos.net/

Yes, related. I was just talking to myself really, we get the CI back first, and then we can look into adding vyconf to it.