This article provides a simple model to follow when implementing solutions to protect data at rest. The Password Storage Cheat Sheet contains further guidance on storing passwords. The best way to protect sensitive information is to not store it in the first place. The use of dedicated secret or key management systems can provide an additional layer of security protection, as well as making the management of secrets significantly easier – however it comes at the cost of additional complexity and administrative overhead – so may not be feasible for all applications.”]
Source: https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html