Quote:
cons
I want to move access to the foreign cloud from the client applications to our server application.
This service is currently still running as a system user for too many customers, but in the future it will be a separate user account.
Either way, from the client computers, as well as as a "simple user" on the server, you wouldn't normally have access to the user account used by the service.
Currently, the client mostly still uses a database connection with SuperUser authorization, so that it would theoretically be easy to get the password that is stored in the database.
And the password has to be decryptable in order to use it for login, I can't hash it.
Unfortunately, the API does not offer the possibility of a restricted API key for the connection.
In addition, the RESTful service runs into a timeout every 30 minutes, so that so far, after at least 30 minutes, the user + password, almost unencrypted, goes from the client to the Internet, which in future will only happen from the more protected server, to which normal users will have less access.