You could use something like Crypt::OpenPGP to encrypt/decrypt your database configuration strings. Just be sure that nobody can see your private keys, assumed to be read-only to yourself, and hidden somewhere, say, ~/.ssh directory. Check the module documentations for details on how to encrypt/decrypt messages.