Passpack, it's free for 100 passwords and you can create a second one if you need more. I do Search Engine Marketing and always run into this at new jobs. It's amazing how many business owners can't stay on top of their passwords. You log into their accounts and some dude named Eric created it, but no one at the company remembers Eric.
For reference, it should be impossible even for system administrators to see your password. It should have been hashed, if they're storing your password in plain text you should be very concerned.
In terms of what you should avoid, it's actually password re-use. If you use the same password for twenty different websites, all your accounts are only as protected as the weakest website because the hacker will usually try entering your cracked username and password on multiple popular websites. Even just writing the name of the website URL at the end of your password would be a good minimal first step to reducing this risk. Ideally you should use a password manager such as KeePass or Passpack.
>The code will be made public. I cannot commit the config values there, but on top of that, I have to allow people to develop easily if they want.
So can't you just add the sensitive files into .gitignore and then share the values with other devs via email or private message? Another more secure option would be using a password manager such as Passpack or if you just want a very short term and secure option you can use Paste Vault
Lifehacker just had an article about this.
I should mention that the solution(s) we use aren't on there. We used to just use notebook pages on our project management system ActivCollab, and that let us store the passwords with other project notes, but wasn't encrypted. We wanted something a little more feature-full and a lot more secure for production environment credentials, so we made the move as a team to PassPack and that has worked pretty well.
Passpack: https://www.passpack.com
Accessible via the web, has a browser extension (although not as robust as other tools), but allows password sharing with other people and is pretty cheap. Some of those other tools can be expensive, depending on how many users need access to the passwords.
Passpack for password generation and storage. Web client so you can access it from any device by remembering two pieces of info (password and packing key). Free for personal and enterprise use, though paying a minimal cost of a few bucks a month lets you share passwords (r or rw) with others.