How to store passwords in Ruby application configuration files?
There is a Ruby (Sinatra) application. In the configuration YAML files, next to the code, a lot of confidential information is stored in clear text, mainly logins and passwords for external services. Obviously this is not good.
Actually, the question is, what methodology should be applied to storing all these settings, what patterns are currently used in these cases?
1. To encrypt data means to decrypt it. Ruby is a scripting language; as a result, the decryption logic is in plain sight.
2. Store not passwords, but irreversible password hashes. Not an option. Basically, these are passwords to external services that accept passwords themselves, and not their modifications.
3. Store settings in OS environment variables. It seems to me that this is the same as storing them in files. Or am I wrong? Moreover, there are many settings and they are dynamic. How do I unload and install them after rebooting the OS?
Some extremely secure options are not needed. It is enough to protect the data from persons with access to the file system.
I would be grateful for elegant practices.
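
Option 3 from the question, as an added example that is not part of the original post: the YAML file next to the code keeps only `${NAME}` placeholders, and the loader resolves them from the process environment, refusing to start on a missing variable or on a literal value under a secret-looking key. The key-name pattern, the placeholder syntax and all names such as `load_config` and `SMTP_PASSWORD` are assumptions made for this illustration.

```ruby
require "yaml"

# Assumed convention: keys ending in these words must never hold a literal value.
SECRET_KEY  = /(password|secret|token|api_key)\z/i
# Assumed placeholder syntax: the whole value is "${ENV_VAR_NAME}".
PLACEHOLDER = /\A\$\{([A-Z0-9_]+)\}\z/

class ConfigError < StandardError; end

# Recursively walk the parsed YAML, replacing placeholders with values from env.
# `path` tracks the key chain so errors name the setting without printing its value.
def resolve_secrets(node, env, path = [])
  case node
  when Hash
    node.each_with_object({}) do |(key, value), out|
      out[key] = resolve_secrets(value, env, path + [key.to_s])
    end
  when Array
    node.each_with_index.map { |v, i| resolve_secrets(v, env, path + [i.to_s]) }
  when String
    if (m = PLACEHOLDER.match(node))
      env.fetch(m[1]) { raise ConfigError, "#{path.join('.')}: #{m[1]} is not set" }
    elsif SECRET_KEY.match?(path.last.to_s)
      raise ConfigError, "#{path.join('.')}: literal secret in config file"
    else
      node
    end
  else
    node
  end
end

# env defaults to the real process environment; a plain Hash works for testing.
def load_config(yaml_text, env = ENV)
  resolve_secrets(YAML.safe_load(yaml_text), env)
end

# Constructed sample config: safe to commit, contains no credentials.
SAMPLE_CONFIG = <<~CONFIG
  smtp:
    host: mail.example.com
    login: app
    password: "${SMTP_PASSWORD}"
  billing:
    api_key: "${BILLING_API_KEY}"
CONFIG
```

In a Sinatra app this would be called once at boot, for example `settings = load_config(File.read("config/app.yml"))`, with that path being a placeholder.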