In your case using a regular string field with some custom lifecycle logic to encrypt/decrypt it (setting an encryption key in the .env or some secure location).
We don’t currently have any recommended solutions so it will need to be something custom for you to implement as needed. We have recently started moving all these secret storage to file based through the project (expecting them to be set in a .env)
alternatively if you are going custom you can handle the encryption and storage via the core_store: https://strapi.io/documentation/v3.x/concepts/configurations.html#configuration-in-database