The short answer: yes, you do.
The platform where you deploy your application usually offers some kind of configuration page, which lets you define env variables. Please try to not commit them or save them to local project files. Keep them in a password manager or other encrypted source and configure them manually for the target platform, because if they are released once, malicious people can do much harm with them.
Unfortunately, every platform has a different way to configure them. For example, Zeit uses the CLI tool for configuration.
Since Electron usually is a desktop application, though, I recommend adding a server part, which keeps the secrets. Do not distribute secrets to users, because users are evil and cannot be trusted. They will be able to extract the secrets.