Don't store database credentials at all. Ensure your product and recommended database configuration supports SSO/SAML/etc with credentials managed through Okta or Active Directory. You'll need that if you go up-market into an enterprise.
You can't store database passwords as hashes, because you need the clear password each time to connect to the database. Really, the only way to guarantee security is to use air-gapped systems, in which case you only have to worry about guarding physical access. See https://www.nextgov.com/artificial-intelligence/2024/05/micr...
