Sensitive data in the xpi

Could you please let me know how could I get an xpi signed if there is sensitive data to the connection string (user/password)?

Please advise whether it is possible to add these info into the xpi, after it is got signed. And if so, how?

thank you in advance

It will be rejected. You cannot store any username or password in the xpi. If you want to do oauth you can include that information but you should obfuscate it.