You can use iparams.js and iparams.json to listen for page load events.
Here’s example from Freshsales page, documentation is just missing for Freshdesk. You can try out.
You can make requests and get encrypted keys as soon as the user pastes API Keys and set as a iparam (may be invisible values). Install button is prevented if one of the validation checks fail. May be you can use that face to ensure encrypted values are stored?