Continue to store in configuration files. For the safe storage of configuration files, take care of the security of the server itself.
Base:
- Your "php system" code. No, seriously, check your code, test.
- Disable ssh with a password, use a key with a secret;
- Change the standard ssh port to 2k+, just so that the Chinese do not clog the logs;
- Set up a firewall, ideally, apart from the web server and ssh, nothing from the outside world should be available;
- Maintain up-to-date software versions on the server (at least web server, php, database not older than six months).

Um, how long have you been writing websites? Everything is stored in clear text in configuration files. Another thing is that these files should not be accessible from the outside.
And even if you encrypt (not the caching way), the person who hacked the server will still find a function by which you convert the cipher to a password.

Use ionCube to encrypt configuration files. Although if there is SSH to the server, it will not help.