Where can we store 3rd party application passwords in Drupal 8?

I’ve written a Drupal 8 custom module that communicates with 3rd party APIs which need authentication. I have an application username and password for those APIs which I need to store somewhere. I can think of the following two ways to achieve that.

  1. I can store the credentials in the Drupal database as configuration. But the password then becomes visible in plain text to all the site admins, and we don’t want all the site admins to see the password (I also am aware that we can set up roles and permissions, so we can disable access to a particular configuration for all the site admins, but still the password is saved in plain text in the database).

  2. I can also store the credentials in the settings.php file.

Is there any other way we can store these credentials? What is the best, secure and preferred way to store 3rd party account credentials in Drupal 8?