MS App publishing

Hi guys, we've implemented App that is used between MS and our 3d-party CRM system. This App simply has 8 permissions of Application type (they allow us to use this App for Graph API callouts to create/update events in our tenant). The idea is that any user in our system can create/update events in our CRM system and sync them with MS tenant so they appear on the Calendar in MS (without authentification, it happens just on the back-end and we use these 3 params for auth and calls: Tenant Id, Application Id and Secret that we've created. We have clients that also use CRM system and would like to have the same integration between their CRM system and their MS Tenant. For that purpose we've published the App as Azure Application and in mainTemplate.json specified these 8 permissions:

The idea of this App is next: customers install it to their MS Tenant, create Secret, then they go to their CRM system, paste Tenant Id, Application Id and Secret to integration configuration settings and it starts to work.

The problem we are facing is next - when customers install our App to their Tenant, there is no way for them to create Secret that should be used in API callouts from their CRM System to their MS Tenant. Please help us on that, maybe we are doing something wrong and this approach - to use Tenant Id, Application Id and Secret for callouts is ok for local MS Apps and will not work for published Apps. Any help will be appreciated. Thanks in advance!