You don't. The logic is unchanged if the data changes. A snippet of code would be unchanged, apart from the data.
// Add an arrow icon
var arrow_icon = base64decode("00000000000000000...");
add_image(arrow_icon);
That is: the prerequisite for this approach being viable is if one assumes that "code" and "data" are distinct, and that data can be seen as irrelevant placeholders. That is: in the example above I was after the code to add the icon, not the icon payload itself.
There are obvious bordeline cases like large numeric constants that are actually core part of the logic. E.g. a method that multiplies by Pi with 14 digits wouldn't work very well if they were replaced by zeroes. So most likely numerical constants would need to be left alone.
Often times secrets are numerical constants. In your own example, the icon is a base64-encoded number. How would you tell secret numbers apart from the rest?
Base64 isn't numeric it's alphanumeric. The only reason this is reasonable (again) is that alomost all secrets like api keys or complex passwords are maximizing their information content and are therefore alphanumeric (or better). Base64 encoded data does too, and is an innocent casualty in that censorship.
They meant that a number written in hex (base16) is still a number, even though you use some letters. Similarly, a number written in base64 is still a number.
There are obvious bordeline cases like large numeric constants that are actually core part of the logic. E.g. a method that multiplies by Pi with 14 digits wouldn't work very well if they were replaced by zeroes. So most likely numerical constants would need to be left alone.