Storing passwords for external services

Question

I'm looking for ideas on what would be the most approachable/secure way, to store passwords in an application, which are needed for external services (the external services don't support any kind of tokens, just plain password authentication).

There are about 10 passwords, which I'm in need to store and use regularly, so not too many.

My thoughts:

• Plain text inside the database (Of course, this is absolutely no option, just for completeness)
• Directly inside the application, hard-coded (really bad idea IMHO, because it would then be in the source control and possible CI logs)
• Environment variables (Could be an option, but as there are about 10 user/password combinations, it would pollute the whole thing pretty much)
• Using a synchronous encryption and storing the password inside the database (no hashing, as I need to get the password in plain text to access the remote services)

Would appreciate any idea/input with pros/cons or any link to some useful resources (as I couldn't really find much about this topic)

Answer 1

There are multiple questions like this here and the issue with the credentials is.. you need to store them somewhere

I agree hardcoding credentials is a VERY bad idea, imho the best options you have are database or configuration (file or env. variables)

Now it's up to you if you are ok to store the credentials plaintext or you encrypt them, but the encryption key need to be stored somewhere too..