I have an external API that I need to connect to from EPiServer, which requires a username and password. I want to make the credentials editable by administrators, so hard-coding or putting in a web.config is not an option. I was considering storing them as properties on the start page with a masked textbox like this post discusses:
https://world.episerver.com/forum/developer-forum/-Episerver-75-CMS/Thread-Container/2016/5/password-field-in-start-page-settings/
Although that one gives me pause because the actual password can be read by viewing the source of the page. I am looking for any other potential solutions that would allow me to store them somewhere securely, maybe in azure key vault. Has anyone else done this before?