Otter can manage, store, and control access to tokens, passwords, API keys, or any other of the secrets that are needed for automating modern infrastructure using Resource Credentials.
You can associate different credentials with different Environments, and permit or restrict different Users from managing or viewing the actual passwords for credentials. Of course, credentials are always encrypted before being stored.
There are several built-in types, and new types may be added with an Extension:
In Microsoft's IIS, an Application Pool may be configured to run under a certain user account. Obviously, in order to do that, you must supply that username and password. Both of these fields are available on the Ensure App Pool operation, but that means you would need to have those values be stored in plain text, in your Plan.
Alternatively, you could create a Username & Password credential...
... and then specify that for the Otter credentials property.
Otter will automatically map the appropriate fields at configuration time, allowing you to give the team viability into which credentials are being used, without sharing the actual credentials themselves.