Passwordsafe , Vault


I’m looking for a way to securely store passwords and credentials and use them in commands?
I know the resource.cfg & macro approach, but if someone gets root access, the resource.cfg can be read.

Does somebody know a password safe or vault that can be accessed by Nagios/Naemon e.g. over a custom variable?

Or just encrypt the folder with the configuration files?

Any idea is greatly appreciated

BR Oliver