Summary
For security and audit purposes, allow for integration from Bitbucket to store sensitive secrets in an external utility/tool. All local passwords or secret keys (passwords, api keys, tokens, passphrases, etc.) should be stored in this external tool through integration, and not in Bitbucket itself.

For example, Integration with Hashicorp Vault.