best way to store tokens and api keys?

good morning,
i have a little question.
what is the best way in codeigniter 4  to keep tokens and passwords safe?
for example, in one of my portals, i use PayPal API. Currently i have a sort of config.php where inside i define a constant called: token to which i assign the value.
when i need the token, i call the constant.
the problem is that in case of direct access to the files that are on the server, anyone can see the token in clear.
the other path i had taken was to create a table and insert in MySql all the various tokens of the different services, obviously encrypted in MD5.
in this case, when i need the token, i call it directly through a query.

what do you think is the best method?
is there a safe place in codeigniter to store this type of data?