Securely storing credentials for services

Many daemons/apps need access to sensitive credentials. For example, a common web application may need a password to query a database.

I have seen many different approaches to this. Some just store them in configuration files accessible [only] to the application. Others use password vaults, although one would still need a way to access that vault. In the Linux/containerization world, it seems common to inject credentials as environment variables. I've even seen credentials stored directly in the software's source code. I'm sure there are many other approaches to this as well.

I'm curious what approach some of the more experienced folks in the OpenBSD universe prefer for managing these types of credentials -- especially when dealing with multiple servers.