The app will accept several sensitive strings such as account details used for a third party web API, web API keys, etc. I was originally going to just save them in plaintext in the DB. But I thought to encrypt them with something simple like BCrypt. But that wouldn't make sense because I'd have to save the hash and the plain text password.

In order to avoid saving the plaintext password, I could manually encrypt the password and save a "key" to decrypt it later. But I'd still be saving the key. So is it even worth going down this path?