Securely store client database details

I'm adding functionality for regular exports of data from our databases to a clients database. Clients will supply database details which we need to keep secure. What would the best way of securely storing the connection details, ideally they'd be stored in our main mysql database. I'd definitely want to avoid storing the password's in plaintext.

At the moment my best guess is some form of encryption with a hard coded key in the codebase, but that isn't much better than plaintext.

Solution we decided on for securing client database passwords:

• Create and store encryption key in aws parameter store
• When adding passwords to mysql database, retrieve key from awsps, encrypt password and store
• When connecting to remote client dbs, retrieve key from awsps, decrypt password, use
• For local environments either use the the key stored on awsps (if there is no disadvantage to doing this) or check the environment and fallback to a local key value stored in a .ini file