I am looking for a safe way to save credentials (like SSH credentials) in the backend of a Webserver (which would be Node.js in my case).
I already thought about hashing, but then you have to enter the password every time and it should work without entering the password again.
For SSH credentials, I would recommend you Setup Passwordless SSH.
On server you/the application will use to SSH into the target server
$ ssh-keygen -t rsa # press enter on all prompts
The above command will generate SSH RSA private and public keys under the user’s home directory, /root/.ssh/. The private key, id_rsa has to be kept secure on the node. The public key, id_rsa.pub should be copied over to the target server that want to be accessed passwordlessly.
$ ssh-copy-id -i ~/.ssh/id_rsa <ip_address_of_the_target_server>
The command ssh-copy-id will simply copy the public key from the source server and add it into the destination server’s authorized key list, default to ~/.ssh/autohorized_keys of the authenticated SSH user. If password authentication is disabled, then a manual copy is required. On application node, copy the content of SSH public key located at ~/.ssh/id_rsa.pub and paste it into ~/.ssh/authorized_keys of the target now.
For more info on passwordless SSH check out this article: https://www.strongdm.com/blog/ssh-passwordless-login
For other credentials, more secure approaches would be to use
Environment Variables: Use a library like dotenv to load them securely during runtime.
Secure Credential Management Services: Dedicated services like AWS Secrets Manager, Azure Key Vault, or Google Cloud Secret Manager.
Session-Based Tokens: Instead of storing raw credentials, utilize temporary session tokens for authentication.
I hope all this helps.